Add release notes for v1.10.2

1e137405 · Peter Rotich · 9576adec · 1e137405
Commit 1e137405 authored 7 years ago by Peter Rotich
--- a/WHATSNEW.md
+++ b/WHATSNEW.md
+osTicket v1.10.2
+================
+### Performance and Security
+* Prevent Account Takeover (be0133b)
+* Prevent Agent Directory XSS (36651b9)
+* Httponly Cookies (5b2dfce)
+* File Upload Bypass (3eb1614)
+* Only allow image attachments to be opened in the browser window (4c79ff8)
+* Fix randNumber() (5b8b95a)
+* CSRF in users.inc.php URL (285a292)
+* AJAX Reflected XSS (e919d8a)
+
+
 osTicket v1.10.1
 ================
 ### Enhancements
- Users: Support search by phone number
- i18n: Fix getPrimaryLanguage() on non-object (#3799)
- Add TimezoneField (#3786)
- Chunk long text body (#3757, 7b68c994)
- Spyc: convert hex strings to INTs under PHP 7 (#3621)
- forms: Proper Field Deletion
- Move orphaned tasks on department deletion to the default department (42e2c55a)
- List: Save List Item Abbreviation (8513f137)
+* Users: Support search by phone number
+* i18n: Fix getPrimaryLanguage() on non-object (#3799)
+* Add TimezoneField (#3786)
+* Chunk long text body (#3757, 7b68c994)
+* Spyc: convert hex strings to INTs under PHP 7 (#3621)
+* forms: Proper Field Deletion
+* Move orphaned tasks on department deletion to the default department (42e2c55a)
+* List: Save List Item Abbreviation (8513f137)

 ### Performance and Security
- XSS: Encode html entities of advanced search title (#3919)
- XSS: Encode html entities of cached form data (#3960, bcd58e8)
- ORM: Addresses an SQL injection vulnerability in ORM lookup function (#3959, 1eaa6910)
+* XSS: Encode html entities of advanced search title (#3919)
+* XSS: Encode html entities of cached form data (#3960, bcd58e8)
+* ORM: Addresses an SQL injection vulnerability in ORM lookup function (#3959, 1eaa6910)


 osTicket v1.10