whats new: rename security section

docs/sources/guides/whats-new-in-v6-0.md

@@ -27,7 +27,7 @@ The main highlights are:
 - [Azure Monitor]({{< relref "#azure-monitor-datasource" >}}) plugin is ported from being an external plugin to being a core datasource
 - [React Plugin]({{< relref "#react-panels-query-editors" >}}) support enables an easier way to build plugins.
 - [Named Colors]({{< relref "#named-colors" >}}) in our new improved color picker.
-- [Removal of user session storage]({{< relref "#easier-to-deploy-more-secure" >}}) makes Grafana easier to deploy & more secure.
+- [Removal of user session storage]({{< relref "#easier-to-deploy-improved security" >}}) makes Grafana easier to deploy & improved security.
 
 ## Explore
 
@@ -130,7 +130,7 @@ The Azure Monitor datasource integrates four Azure services with Grafana - Azure
 
 Grafana now added support for provisioning alert notifiers from configuration files. Allowing operators to provision notifiers without using the UI or the API. A new field called `uid` has been introduced which is a string identifier that the administrator can set themselves. Same kind of identifier used for dashboards since v5.0. This feature makes it possible to use the same notifier configuration in multiple environments and refer to notifiers in dashboard json by a string identifier instead of the numeric id which depends on insert order and how many notifiers that exists in the instance.
 
-## Easier to deploy & more secure authentication
+## Easier to deploy & improved security
 
 Grafana 6.0 removes the need of configuring and setup of additional storage for [user sessions](/tutorials/ha_setup/#user-sessions). This should make it easier to deploy and operate Grafana in a
 high availability setup and/or if you're using a stateless user session storage like Redis, Memcache, Postgres or MySQL.
@@ -141,11 +141,13 @@ Read more about the short-lived token solution and how to configure it [here](/a
 
 > Please note that due to these changes, all users will be required to login upon next visit after upgrade.
 
-Besides these changes we have also introduced [SameSite](https://www.owasp.org/index.php/SameSite) setting to protect against Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS) attacks. This setting enables more control of when the browser include cookies in requests. Its set to `lax` by default but can be configured using `cookie_samesite` under `[security]`
+Besides these changes we have also introduced [SameSite](https://www.owasp.org/index.php/SameSite) setting to protect against Cross-Site Request Forgery (CSRF). This setting enables more control of when the browser include cookies in requests. Its set to `lax` by default but can be configured using `cookie_samesite` under `[security]`
 
 > If you're using [Auth Proxy Authentication](/auth/auth-proxy/) you still need to have user sessions setup and configured
 but our goal is to remove this requirements in a near future.
 
+We also disable script tags in text panels by defult to avoid Cross-site Scripting (XSS) attacks.
+
 ## Named Colors
 
 {{< docs-imagebox img="/img/docs/v60/named_colors.png" max-width="400px" class="docs-image--right" caption="Named Colors" >}}

docs/sources/installation/upgrading.md

@@ -147,4 +147,4 @@ login_maximum_inactive_lifetime_days = 1
 login_maximum_lifetime_days = 1
 ```
 
-The default cookie name for storing the auth token is `grafana_sess`. you can configure this with `login_cookie_name` in `[auth]` settings.
\ No newline at end of file
+The default cookie name for storing the auth token is `grafana_session`. you can configure this with `login_cookie_name` in `[auth]` settings.
\ No newline at end of file