diff options
| author | Andrey Andreev <narf@devilix.net> | 2017-01-04 16:01:44 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2017-01-04 16:01:44 +0100 |
| commit | ec8dbbb79bb083acd1cf6beff5abea055b583db5 (patch) | |
| tree | cac3926b5266c2868b4c9b82bce3346f1bfe53e9 /user_guide_src/source/changelog.rst | |
| parent | cfd52edad6a4ae84b0c34755455b5b7b164878be (diff) | |
Fix a possible file inclusion vulnerability in CI_Loader::vars()
Diffstat (limited to 'user_guide_src/source/changelog.rst')
| -rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index d889d4b28..fff17110e 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -10,6 +10,7 @@ Release Date: Not Released - **Security** - Fixed an XSS vulnerability in :doc:`Security Library <libraries/security>` method ``xss_clean()``. + - Fixed a possible file inclusion vulnerability in :doc:`Loader Library <libraries/loader>` method ``vars()``. - Added protection against timing side-channel attacks in :doc:`Security Library <libraries/security>` method ``csrf_verify()``. - Added protection against BREACH attacks targeting the CSRF token field generated by :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_open()`. |