Commit 76db369e authored by Laurent Pinsivy

fix(doc): complete release note

parent 734d2772
......@@ -5,7 +5,21 @@ Centreon Web 2.8.35
Security
--------
* [Security]: XSS stored in widget name
* [Security]: Plain text password in Hosts, Hosts templates, Services and Services templates configuration menus
* [Security]: XSS in Contact groups configuration
* [Security]: XSS in Connectors command configuration menu
* [ACL/Access Groups] Cross-site Scripting (XSS) Stored/Persistent for search
* [ACL/Actions Access] Cross-site Scripting (XSS) Stored/Persistent for search
* [ACL/Resources Access] Cross-site Scripting (XSS) Stored/Persistent for search
* [Administration/LDAP] new LDAP configurations are broken
* [Configuration > Servicegroups] Leak of technical information
* [Configuration/Connectors/Commands] Cross-site Scripting (XSS) Stored/Persistent
* [Configuration/Contact Groups] Cross-site Scripting (XSS) Stored/Persistent
* [Configuration/Contact] XSS in updateContactParam.php & commonJS.php
* [Configuration/H/HTPL/S/STPL] Password in plain text
* [Core] Centreon token is vulnerable against replay attack
* [Core] Lack of click diversion protection (Clickjacking)
* [Core] Lack of protection for session cookies
* [Core] Support for the HTTP TRACE method
* [Core] Token usage is not mandatory
* [Custom Views] List of user accounts in custom view
* [Custom Views] XSS stored in widget name
* [Media] Broken authentication of uploaded files
* [Media] PHP warning about missing tmp dir used during media upload
\ No newline at end of file
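Review bot: The Security list in this hunk appears to name several fixes twice under two labelling styles: "[Security]: XSS stored in widget name" next to "[Custom Views] XSS stored in widget name", "[Security]: Plain text password in Hosts, Hosts templates, Services and Services templates configuration menus" next to "[Configuration/H/HTPL/S/STPL] Password in plain text", and the same for the Contact groups and Connectors command XSS entries. If each pair is one fix, keep a single entry per fix in the "[Module] description" form so readers matching the release note against advisories do not count them twice. Two entries, "[Administration/LDAP] new LDAP configurations are broken" and "[Media] PHP warning about missing tmp dir used during media upload", read as functional bugs rather than security fixes; consider moving them out of the Security section or stating their security impact. The file also ends without a trailing newline, which is worth adding while this section is being edited.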