From 978da55e00b3c84cff7ec78c2e21c9d66a352323 Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs <sbrl@starbeamrainbowlabs.com>
Date: Tue, 21 Sep 2021 14:10:02 +0100
Subject: [PATCH] Update changelog

---
 Changelog.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Changelog.md b/Changelog.md
index 8c52f23..15405b1 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -7,6 +7,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
 ### Fixed
  - [security] Fixed an XSS vulnerability in the `format` GET parameter of the `stats` action (thanks, @JamieSlome)
  - [security] Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)
+ - [security] Ensure that Javascript in SVGs never gets executed (it's too challenging to strip it, since it could be lurking in many different places - according to [this answer](https://stackoverflow.com/a/68505306/1460422) even Inkscape doesn't strip all Javascript when asked to)
 
 
 ## v0.23