docs: Add release notes for 2.20.1 (#7069)

robot-ci-heartex · caitlinwheeless · web-flow · commit e82ec0f9c285 · 2025-02-12T15:55:23.000-06:00
Co-authored-by: robot-ci-heartex &lt;robot-ci-heartex@users.noreply.github.com&gt;
Co-authored-by: C L W &lt;caitlin.wheeless@gmail.com&gt;
diff --git a/docs/source/guide/release_notes/onprem/2.20.1.md b/docs/source/guide/release_notes/onprem/2.20.1.md
@@ -0,0 +1,24 @@
+---
+hide_sidebar: true
+---
+
+## Label Studio Enterprise 2.20.1
+
+<div class="onprem-highlight">Security-related fixes</div>
+
+*Feb 12, 2025*
+
+Helm Chart version: 1.9.2
+
+### Security
+
+- Image file paths are restricted as to prevent arbitrary path traversal. 
+- As an XSS prevention measure, `/projects/upload-example` no longer accepts GET requests.
+- Only recognized S3 endpoints from a list of known S3 API providers will return full list exceptions when an HTTP call is submitted.
+
+!!! note
+    If you want to use a non-standard/custom domain for hosting your S3 API and you still want full exceptions to be visible, you can add your domain to the `S3_TRUSTED_STORAGE_DOMAINS` environment variable.
+
+    Separate multiple domains with a comma. For example, if the endpoints you are using are `https://foo.mys3endpoint.net` and `https://myothers3endpoint.biz`, then you would set it as: 
+    
+    `S3_TRUSTED_STORAGE_DOMAINS=mys3endpoint.net,myothers3endpoint.biz`
