summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source/changelog.rst
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-07-20 14:28:26 +0200
committerAndrey Andreev <narf@devilix.net>2015-07-20 14:28:26 +0200
commite4e8f5daf15440ade1a80efc09af3cabe2cd1386 (patch)
treedcd0a6238989fd330558cb9976954b030170cfcd /user_guide_src/source/changelog.rst
parent2b655187e6cb3d872eafbb8feb8382f3f9252dbc (diff)
[ci skip] Update user-guide with info about 2.2.2, 2.2.3
Diffstat (limited to 'user_guide_src/source/changelog.rst')
-rw-r--r--user_guide_src/source/changelog.rst24
1 files changed, 24 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 69fe08943..85bf80097 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -841,6 +841,30 @@ Bug fixes for 3.0
- Fixed a bug (#3573) - :doc:`Email Library <libraries/email>` violated `RFC5321 <https://tools.ietf.org/rfc/rfc5321.txt>`_ by sending 'localhost.localdomain' as a hostname.
- Fixed a bug (#3572) - ``CI_Security::_remove_evil_attributes()`` failed for large-sized inputs due to *pcre.backtrack_limit* and didn't properly match HTML tags.
+Version 2.2.3
+=============
+
+Release Date: July 14, 2015
+
+- Security
+
+ - Removed a fallback to ``mysql_escape_string()`` in the 'mysql' database driver (``escape_str()`` method) when there's no active database connection.
+
+Version 2.2.2
+=============
+
+Release Date: April 15, 2015
+
+- General Changes
+
+ - Added HTTP "Host" header character validation to prevent cache poisoning attacks when *base_url* auto-detection is used.
+ - Added *FSCommand* and *seekSegmentTime* to the "evil attributes" list in ``CI_Security::xss_clean()``.
+
+Bug fixes for 2.2.2
+-------------------
+
+- Fixed a bug (#3665) - ``CI_Security::entity_decode()`` triggered warnings under some circumstances.
+
Version 2.2.1
=============