From 0733cd6a9baaa5c31679f539df8ae0d9b9d6d48a Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Mon, 17 May 2021 13:57:03 +0100 Subject: [PATCH] Prepare changelog for v1.7.28 --- CHANGELOG.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index dec5c3a6e4..8a8a0c2ea8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,22 @@ +Changes in [1.7.28](https://github.com/vector-im/element-web/releases/tag/v1.7.28) (2021-05-17) +=============================================================================================== +[Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.28-rc.1...v1.7.28) + +## Security notice + +Element Web 1.7.28 fixes (by upgrading to matrix-react-sdk 3.21.0) a low +severity issue (GHSA-8796-gc9j-63rv) related to file upload. When uploading a +file, the local file preview can lead to execution of scripts embedded in the +uploaded file, but only after several user interactions to open the preview in +a separate tab. This only impacts the local user while in the process of +uploading. It cannot be exploited remotely or by other users. Thanks to +[Muhammad Zaid Ghifari](https://github.com/MR-ZHEEV) for responsibly disclosing +this via Matrix's Security Disclosure Policy. + +## All changes + + * Upgrade to React SDK 3.21.0 and JS SDK 11.0.0 + Changes in [1.7.28-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.28-rc.1) (2021-05-11) ========================================================================================================= [Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.27...v1.7.28-rc.1)
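Review bot: In the "Security notice" section added at the top of CHANGELOG.md, GHSA-8796-gc9j-63rv appears as plain text while the release tag, the compare range and the reporter are all links, and the notice does not say which earlier releases are affected. Link the advisory ID and either state the affected range or point readers to the advisory for it. The notice names the dependency as "matrix-react-sdk 3.21.0" but the single bullet under "All changes" calls it "React SDK 3.21.0"; using one name in both places makes it clear that this bullet is the security fix. Since the compare link starts at v1.7.28-rc.1 and the only listed change is the SDK upgrade, it would also help to say whether 1.7.28-rc.1 still carries the issue.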