Bug 727893: Release notes for Bugzilla 4.0.5

author Frédéric Buclin <LpSolit@gmail.com>

Fri, 17 Feb 2012 20:12:07 +0000 (21:12 +0100)

committer Frédéric Buclin <LpSolit@gmail.com>

Fri, 17 Feb 2012 20:12:07 +0000 (21:12 +0100)
author Frédéric Buclin <LpSolit@gmail.com>
Fri, 17 Feb 2012 20:12:07 +0000 (21:12 +0100)
committer Frédéric Buclin <LpSolit@gmail.com>
Fri, 17 Feb 2012 20:12:07 +0000 (21:12 +0100)
diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl

index 8b970438f220277b4bc05b93ae5ede9d52307297..4f062e955b81b08f9a50582975caf031452f6f40 100644 (file)
--- a/template/en/default/pages/release-notes.html.tmpl
+++ b/template/en/default/pages/release-notes.html.tmpl
@@ -72,6 +72,22 @@
  
  <h2 id="v40_point">Updates in this 4.0.x Release</h2>
  
+<h3>4.0.5</h3>
+
+<p>This release fixes one security issue. See the
+  <a href="http://www.bugzilla.org/security/4.0.4/">Security Advisory</a>
+  for details.</p>
+
+<p>In addition, the following important change has been made in this release:</p>
+
+<ul>
+  <li>Clickjacking could possibly occur in the attachment "View All" page if a user
+  attached a specially formatted HTML file. To fix this potential problem, the
+  "View All" page now always displays the source code for all attachments whose
+  MIME type is <em>text/html</em>.
+  (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=722161">[% terms.Bug %] 722161</a>)</li>
+</ul>
+
  <h3>4.0.4</h3>
  
  <p>This release fixes two security issues. See the
author	Frédéric Buclin <LpSolit@gmail.com>
	Fri, 17 Feb 2012 20:12:07 +0000 (21:12 +0100)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Fri, 17 Feb 2012 20:12:07 +0000 (21:12 +0100)