[Backport][Docs] Adds security fix to 7.x RN (#53507)

benskelker · web-flow · commit 1760e2dc64ef · 2019-12-18T19:06:06.000+02:00
* updates release notes

* added html vulnerability

* corrections after review
diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc
@@ -66,6 +66,13 @@ Machine Learning::
 * Fixes lat_long anomalies table links menu and value formatting {pull}50916[#50916]
 * Fixes loading of data visualizer with KQL saved search {pull}51882[#51882]
 Maps::
+* Fixes a cross-site scripting (XSS) flaw in Coordinate and Region Map 
+visualizations. An attacker could create a malicious visualization that 
+executes JavaScript in a victim’s browser when the visualization, or dashboard 
+containing the visualization, was viewed. Since Kibana 7.0.0, Content Security 
+Policy (CSP), which prevents attackers from using this flaw, is enabled by 
+default. However, an attacker can still inject arbitrary HTML into the page. 
+See https://www.elastic.co/community/security/, CVE-2019-7621.
 * Prevents users from overflowing URL when filtering by shape {pull}50747[#50747]
 * Delays vector tile layer syncing until spritesheet is loaded {pull}48955[#48955]
 * Sanitizes attribution {pull}52309[#52309]
