diff --git a/CHANGELOG.md b/CHANGELOG.md index 5da59110f..47183460d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,19 @@ the full log, please refer to the git commit history. > See https://github.com/threema-ch/threema-web/pull/996 for more details. +### [v2.4.4][v2.4.4] (2022-09-14) + +This release contains an XSS security fix. Note that the vulnerability was not +exploitable in practice on the official server instances thanks to the strict +CSP rules. If you host your own version of Threema Web without strict CSP +rules, please make sure to update quickly. + +Changes: + +* [security] Fix XSS of nickname in contact details ([#1151][i1151]) +* [bug] Lock reconnect button to prevent multiple pushes ([#1150][i1150]) + + ### [v2.4.3][v2.4.3] (2022-08-19) Changes: @@ -1211,7 +1224,10 @@ First public release. [i1139]: https://github.com/threema-ch/threema-web/pull/1139 [i1145]: https://github.com/threema-ch/threema-web/pull/1145 [i1146]: https://github.com/threema-ch/threema-web/pull/1146 +[i1150]: https://github.com/threema-ch/threema-web/pull/1150 +[i1151]: https://github.com/threema-ch/threema-web/pull/1151 +[v2.4.4]: https://github.com/threema-ch/threema-web/compare/v2.4.3...v2.4.4 [v2.4.3]: https://github.com/threema-ch/threema-web/compare/v2.4.2...v2.4.3 [v2.4.2]: https://github.com/threema-ch/threema-web/compare/v2.4.1...v2.4.2 [v2.4.1]: https://github.com/threema-ch/threema-web/compare/v2.4.0...v2.4.1 diff --git a/package-lock.json b/package-lock.json index 92b3e5c46..ad7a55163 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "threema-web", - "version": "2.4.3", + "version": "2.4.4", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 4d83afd0c..b8454c754 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,6 @@
 {
 "name": "threema-web",
- "version": "2.4.3",
+ "version": "2.4.4",
 "description": "Threema Webclient",
 "scripts": {
 "build": "npm run build:js && npm run build:css",