fix(doc): complete release note

76db369e · Laurent Pinsivy · 734d2772 · 76db369e · 76db369e
Commit 76db369e authored Jan 28, 2021 by Laurent Pinsivy
--- a/doc/en/release_notes/centreon-2.8/centreon-2.8.35.rst
+++ b/doc/en/release_notes/centreon-2.8/centreon-2.8.35.rst
@@ -5,7 +5,21 @@ Centreon Web 2.8.35
 Security
 --------

-* [Security]: XSS stored in widget name
-* [Security]: Plain text password in Hosts, Hosts templates, Services and Services templates configuration menus
-* [Security]: XSS in Contact groups configuration
-* [Security]: XSS in Connectors command configuration menu
+* [ACL/Access Groups] Cross-site Scripting (XSS) Stored/Persistent for search
+* [ACL/Actions Access] Cross-site Scripting (XSS) Stored/Persistent for search
+* [ACL/Resources Access] Cross-site Scripting (XSS) Stored/Persistent for search
+* [Administration/LDAP] new LDAP configurations are broken
+* [Configuration > Servicegroups] Leak of technical information
+* [Configuration/Connectors/Commands] Cross-site Scripting (XSS) Stored/Persistent
+* [Configuration/Contact Groups] Cross-site Scripting (XSS) Stored/Persistent
+* [Configuration/Contact] XSS in updateContactParam.php & commonJS.php
+* [Configuration/H/HTPL/S/STPL] Password in plain text
+* [Core] Centreon token is vulnerable against replay attack
+* [Core] Lack of click diversion protection (Clickjacking)
+* [Core] Lack of protection for session cookies
+* [Core] Support for the HTTP TRACE method
+* [Core] Token usage is not mandatory
+* [Custom Views] List of user accounts in custom view
+* [Custom Views] XSS stored in widget name
+* [Media] Broken authentication of uploaded files
+* [Media] PHP warning about missing tmp dir used during media upload
\ No newline at end of file
--- a/doc/fr/release_notes/centreon-2.8/centreon-2.8.35.rst
+++ b/doc/fr/release_notes/centreon-2.8/centreon-2.8.35.rst
@@ -5,7 +5,21 @@ Centreon Web 2.8.35
 Security
 --------

-* [Security]: XSS stored in widget name
-* [Security]: Plain text password in Hosts, Hosts templates, Services and Services templates configuration menus
-* [Security]: XSS in Contact groups configuration
-* [Security]: XSS in Connectors command configuration menu
+* [ACL/Access Groups] Cross-site Scripting (XSS) Stored/Persistent for search
+* [ACL/Actions Access] Cross-site Scripting (XSS) Stored/Persistent for search
+* [ACL/Resources Access] Cross-site Scripting (XSS) Stored/Persistent for search
+* [Administration/LDAP] new LDAP configurations are broken
+* [Configuration > Servicegroups] Leak of technical information
+* [Configuration/Connectors/Commands] Cross-site Scripting (XSS) Stored/Persistent
+* [Configuration/Contact Groups] Cross-site Scripting (XSS) Stored/Persistent
+* [Configuration/Contact] XSS in updateContactParam.php & commonJS.php
+* [Configuration/H/HTPL/S/STPL] Password in plain text
+* [Core] Centreon token is vulnerable against replay attack
+* [Core] Lack of click diversion protection (Clickjacking)
+* [Core] Lack of protection for session cookies
+* [Core] Support for the HTTP TRACE method
+* [Core] Token usage is not mandatory
+* [Custom Views] List of user accounts in custom view
+* [Custom Views] XSS stored in widget name
+* [Media] Broken authentication of uploaded files
+* [Media] PHP warning about missing tmp dir used during media upload
\ No newline at end of file