Diffstat (limited to 'activestorage/CHANGELOG.md')
-rw-r--r-- | activestorage/CHANGELOG.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/activestorage/CHANGELOG.md b/activestorage/CHANGELOG.md index c5171e7490..9ce177b462 100644 --- a/activestorage/CHANGELOG.md +++ b/activestorage/CHANGELOG.md @@ -1,3 +1,11 @@ +* Force `:attachment` disposition for specific, configurable content types. + This mitigates possible security issues such as XSS or phishing when + serving them inline. A list of such content types is included by default, + and can be configured via `content_types_to_serve_as_binary`. + + *Rosa Gutierrez* + + ## Rails 5.2.0.beta2 (November 28, 2017) ## * Fix the gem adding the migrations files to the package. |
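Review bot: The added entry at the top of the changelog names `content_types_to_serve_as_binary` without saying where the option is set or which content types the default list contains, so a reader cannot tell from the entry whether files they currently serve inline are affected. Consider giving the full configuration path for the option and pointing to where the default list is defined. Since "Force" implies that an explicitly requested inline disposition is overridden for these types, it would also help to state that directly, as it is a behaviour change for existing applications.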