summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2016-03-08 18:41:59 +0100
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2016-03-08 18:41:59 +0100
commit5a7455dc623fc50a1fc9962d98a8b05f48375191 (patch)
treec800a9b119eef30f7c997e1742848d7f71c3112a
parent631e0fcbd059ee86a011e8b4ed35006557a22d9a (diff)
parentb60a9896b1474ac687b2a8e0573129593c179820 (diff)
Merge branch 'FreshRSS/dev' into dev
Diffstat
-rw-r--r--CHANGELOG.md3
1 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6be1a4b6a..74cb9d250 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,8 @@
## 2016-03-xx FreshRSS 1.3.1-beta
* Security
- * Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075)
+ * Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/issues/1075), [#1114](https://github.com/FreshRSS/FreshRSS/issues/1114)
+ * Added `X-Content-Type-Options: nosniff` [#1116](https://github.com/FreshRSS/FreshRSS/pull/1116)
* Features
* New list of domains for which to force HTTPS (for images, videos, iframes…) defined in `./data/force-https.default.txt` and `./data/force-https.txt` [#1083](https://github.com/FreshRSS/FreshRSS/issues/1083)
* In particular useful for privacy and to avoid mixed content errors, e.g. to see YouTube videos when FreshRSS is in HTTPS
generated by cgit v1.2.3 (git 2.39.1) at 2026-04-17 04:07:30 +0000