From 0254ff16707d509f030edc6615e642fe8ad72d38 Mon Sep 17 00:00:00 2001
From: Karl Kemister-Sheppard <karlkemistersheppard@gmail.com>
Date: Wed, 18 Mar 2026 11:20:16 +1000
Subject: [PATCH 1/2] Docs: DOC-3243 - Pasting an HTML document was vulnerable
 to XSS attacks on link element href attribute

---
 modules/ROOT/pages/8.4.0-release-notes.adoc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/modules/ROOT/pages/8.4.0-release-notes.adoc b/modules/ROOT/pages/8.4.0-release-notes.adoc
index 9d8d4ba772..d21ad39075 100644
--- a/modules/ROOT/pages/8.4.0-release-notes.adoc
+++ b/modules/ROOT/pages/8.4.0-release-notes.adoc
@@ -69,6 +69,20 @@ The {productname} {release-version} release includes an accompanying release of
 
 For information on the **<Premium plugin name 1>** plugin, see: xref:<plugincode>.adoc[<Premium plugin name 1>].
 
+=== Full Page HTML
+
+The {productname} {release-version} release includes an accompanying release of the **Full Page HTML** premium plugin.
+
+**Full Page HTML** includes the following fix.
+
+==== Pasting an HTML document was vulnerable to XSS attacks on link element href attribute
+// #TINY-13673
+
+A cross-site scripting (XSS) vulnerability was discovered in the Full Page HTML plugin. Previously, malicious code within the document `<head>` was able to be executed when pasted.
+
+This vulnerability has been patched in {productname} {release-version} by ensuring that content in the document `<head>` is properly encoded.
+
+For information on the **Full Page HTML** plugin, see: xref:fullpagehtml.adoc[Full Page HTML].
 
 [[accompanying-premium-plugin-end-of-life-announcement]]
 == Accompanying Premium plugin end-of-life announcement

From 28e91af4f3f23c08a8fa3aab0ca7a3975cb52f02 Mon Sep 17 00:00:00 2001
From: Karl Kemister-Sheppard <karlkemistersheppard@gmail.com>
Date: Wed, 18 Mar 2026 16:01:30 +1000
Subject: [PATCH 2/2] Update modules/ROOT/pages/8.4.0-release-notes.adoc

Co-authored-by: Mitchell Crompton <mitchell.crompton@tiny.cloud>
---
 modules/ROOT/pages/8.4.0-release-notes.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ROOT/pages/8.4.0-release-notes.adoc b/modules/ROOT/pages/8.4.0-release-notes.adoc
index d21ad39075..cb28216d67 100644
--- a/modules/ROOT/pages/8.4.0-release-notes.adoc
+++ b/modules/ROOT/pages/8.4.0-release-notes.adoc
@@ -75,7 +75,7 @@ The {productname} {release-version} release includes an accompanying release of
 
 **Full Page HTML** includes the following fix.
 
-==== Pasting an HTML document was vulnerable to XSS attacks on link element href attribute
+==== Pasting an HTML document was vulnerable to XSS attacks
 // #TINY-13673
 
 A cross-site scripting (XSS) vulnerability was discovered in the Full Page HTML plugin. Previously, malicious code within the document `<head>` was able to be executed when pasted.