Merge branch 'master-v3.0' of github.com:pixelandtonic/cms-internal i…

…nto hotfix/merge-3.0.41 # Conflicts: # CHANGELOG-v3.md # composer.json # src/config/app.php # src/web/assets/cp/dist/js/Craft.js # src/web/assets/cp/dist/js/Craft.min.js # src/web/assets/cp/dist/js/Craft.min.js.map
craftcms · Feb 22, 2019 · 18e1c9c · 18e1c9c
2 parents c917b9d + cbea330
commit 18e1c9c
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/CHANGELOG-v3.md b/CHANGELOG-v3.md
@@ -471,6 +471,17 @@
 - Craft now destroys all other sessions associated with a user account when a user changes their password.
 - It’s no longer possible to spoof Live Preview requests.
 
+## 3.0.41 - 2019-02-22
+
+### Changed
+- System error message templates no longer parse exception messages as Markdown.
+
+### Security
+- Database backup/restore exception messages now redact the database password when using PostgreSQL.
+- URLs are no longer allowed in users’ first or last names.
+- The Request panel in the Debug Toolbar now redacts any sensitive information. ([#3619](https://github.com/craftcms/cms/issues/3619))
+- Fixed XSS vulnerabilities.
+
 ## 3.0.40.1 - 2019-02-21
 
 ### Fixed