summaryrefslogtreecommitdiffstats
path: root/NEWS
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2019-01-28 16:02:39 +0100
committerFlorian Pritz <bluewind@xinu.at>2019-01-28 17:27:26 +0100
commitb6cc01ee98cbd75f80434250beb0ab7d1f708644 (patch)
treea7527c851db9076e480d9b9fcd26e934887120e7 /NEWS
parent7d0557f9c79c130c4de0f8af810d0881d19c58d0 (diff)
Disable CSRF token regeneration for multipaste AJAX
If regeneration is on, the token is recreated after the first AJAX submit and subsequent ajax submits or normal form submits break. By disabling it here, we limit potential security issues to only this page, but it also only works if the user does not submit any other forms while they are on the AJAX page. Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS1
1 files changed, 1 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index a7567a394..c2be585bb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
This file lists major, incompatible or otherwise important changes, you should look at it after every update.
NEXT
+ - Fix CSRF issue breaking multipaste creation page
- Update codeigniter to 3.1.10
- Remove imagemagick PDF thumbnail support due to Arch Linux disabling it in
imagemagick due to repeated security concerns.