summaryrefslogtreecommitdiffstats
path: root/user_guide/changelog.html
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-05-17 10:55:43 +0200
committerAndrey Andreev <narf@bofh.bg>2012-05-17 10:55:43 +0200
commit9394f8040ee989e2dfeec42732bc06e52c5ee0c6 (patch)
tree4abbf8b47cb1acd956c9755cc4ad04ef983609cc /user_guide/changelog.html
parente463c4d71c2fdcc224e70f7576582220ae64e3d7 (diff)
parent8f04c69fe65ddc2604425eaee811b50a909d905f (diff)
Merge pull request #1366 from aphofstede/2.1-stable
Check cookie against md5 regex. 2.1 stable CSRF injection security fix
Diffstat (limited to 'user_guide/changelog.html')
-rw-r--r--user_guide/changelog.html1
1 files changed, 1 insertions, 0 deletions
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 613c4e65d..55fbceeaf 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -85,6 +85,7 @@ Change Log
<li>Fixed a bug - CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE.</li>
<li>Fixed a bug (#538) - Windows paths were ignored when using the <a href="libraries/image_lib.html">Image Manipulation Class</a> to create a new file.</li>
<li>Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found.</li>
+ <li>Fixed a bug - CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk.</li>
</ul>