1.5.1 release announcement

Daniel15 · Daniel15 · commit 2ba00cc9e153 · 2015-04-23T21:58:54.000-07:00
diff --git a/site/jekyll/_posts/2015-04-23-1.5.1-release.md b/site/jekyll/_posts/2015-04-23-1.5.1-release.md
@@ -0,0 +1,25 @@
+---
+title: "ReactJS.NET 1.5.1 - Security update"
+layout: post
+author: Daniel Lo Nigro
+---
+
+I'm happy to announce the release of ReactJS.NET 1.5.1! This is a bug fix release and fixes a potential XSS issue with server-side rendering. JSON.NET does not escape HTML characters in its JSON output by default. As ReactJS.NET uses JSON.NET to output the props of server-side rendered components, a prop that accepts arbitrary user input could potentially contain script tags, allowing for XSS.
+
+Escaping of HTML is now enabled by default. If you are using custom JSON serializer settings, you can enable HTML escaping by setting `StringEscapeHandling` to `StringEscapeHandling.EscapeHtml`:
+
+```csharp
+ReactSiteConfiguration.Configuration.SetJsonSerializerSettings(
+  new JsonSerializerSettings
+  {
+    StringEscapeHandling = StringEscapeHandling.EscapeHtml
+  }
+);
+```
+
+Have fun, and as always, please feel free to send feedback or bug reports
+[on GitHub](https://github.com/reactjs/React.NET).
+
+— Daniel
+
+*Thanks to [Li Huan Jeow](https://www.linkedin.com/in/huan086) for the report.*
