docs: suggested changes

Marcus Efraimsson 6 years ago
commit ff87f6d303
1 changed files with 5 additions and 4 deletions
  1. docs/sources/guides/whats-new-in-v6-0.md (+5 -4)

docs/sources/guides/whats-new-in-v6-0.md (+5 -4)

@@ -27,7 +27,7 @@ The main highlights are:
 - [Azure Monitor]({{< relref "#azure-monitor-datasource" >}}) plugin is ported from being an external plugin to being a core datasource
 - [React Plugin]({{< relref "#react-panels-query-editors" >}}) support enables an easier way to build plugins.
 - [Named Colors]({{< relref "#named-colors" >}}) in our new improved color picker.
-- [Removal of user session storage]({{< relref "#easier-to-deploy-improved security" >}}) makes Grafana easier to deploy & improved security.
+- [Removal of user session storage]({{< relref "#easier-to-deploy-improved-security" >}}) makes Grafana easier to deploy & improves security.
 
 ## Explore
 
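Review bot: the corrected relref fragment `#easier-to-deploy-improved-security` cannot be checked against the target heading from this hunk; before merging, confirm that the heading Hugo renders for that section produces exactly this id, since a fragment that is off by one character fails silently as a dead in-page link rather than a build error. The grammar fix ("improved security" to "improves security") is right; for consistency with the other bullets, "easier to deploy and improves security" would also read better than the ampersand.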
@@ -141,13 +141,14 @@ Read more about the short-lived token solution and how to configure it [here](/a
 
 > Please note that due to these changes, all users will be required to login upon next visit after upgrade.
 
-Besides these changes we have also introduced [SameSite](https://www.owasp.org/index.php/SameSite) setting to protect against Cross-Site Request Forgery (CSRF). This setting enables more control of when the browser include cookies in requests. Its set to `lax` by default but can be configured using `cookie_samesite` under `[security]`
+Besides these changes we have also made security improvements regarding Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS) vulnerabilities:
+
+* Cookies are per default using the [SameSite](/installation/configuration/#cookie-samesite) attribute to protect against CSRF attacks
+* Script tags in text panels are per default [disabled](/installation/configuration/#disable-sanitize-html) to protect against XSS attacks
 
 > If you're using [Auth Proxy Authentication](/auth/auth-proxy/) you still need to have user sessions setup and configured
 but our goal is to remove this requirements in a near future.
 
-We also disable script tags in text panels by default to avoid Cross-site Scripting (XSS) attacks.
-
 ## Named Colors
 
 {{< docs-imagebox img="/img/docs/v60/named_colors.png" max-width="400px" class="docs-image--right" caption="Named Colors" >}}
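Review bot: the second new bullet describes the change as "script tags in text panels are disabled", but the option the link points to (`#disable-sanitize-html`) is an HTML sanitizer, which affects more than `<script>` elements; wording it as "HTML in text panels is sanitized by default" avoids readers concluding that only script tags are stripped. In both bullets "per default" should be "by default". The removed sentence also stated the default value (`lax`) and the `cookie_samesite` key under `[security]`; since these are release notes, keeping the option names inline next to the links helps operators grep their config for what changed, e.g.

* Cookies use the [SameSite](/installation/configuration/#cookie-samesite) attribute by default (`cookie_samesite`, default `lax`) to protect against CSRF attacks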