diff options
author | Andrey Andreev <narf@devilix.net> | 2017-01-06 10:47:34 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2017-01-06 10:47:34 +0100 |
commit | 61fd92498db72bc511effa8c15274596afbb5010 (patch) | |
tree | 117584fb46d066c91f12d7fed76ae1f637d96295 /user_guide_src/source | |
parent | d9367b6acf96cbc407147bd4422c2cbb941ccaa1 (diff) |
[ci skip] Add a changelog entry for #4963
Diffstat (limited to 'user_guide_src/source')
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index fff17110e..b60a90949 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -11,6 +11,7 @@ Release Date: Not Released - Fixed an XSS vulnerability in :doc:`Security Library <libraries/security>` method ``xss_clean()``. - Fixed a possible file inclusion vulnerability in :doc:`Loader Library <libraries/loader>` method ``vars()``. + - Fixed a possible remote code execution vulnerability in the :doc:`Email Library <libraries/email>` when 'mail' or 'sendmail' are used (thanks to Paul Buonopane from `NamePros <https://www.namepros.com/>`_). - Added protection against timing side-channel attacks in :doc:`Security Library <libraries/security>` method ``csrf_verify()``. - Added protection against BREACH attacks targeting the CSRF token field generated by :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_open()`. |