diff options
author | Andrey Andreev <narf@devilix.net> | 2017-01-04 15:58:08 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2017-01-04 15:58:08 +0100 |
commit | cfd52edad6a4ae84b0c34755455b5b7b164878be (patch) | |
tree | 5663b32bc57bb5b0c7fc68f78c2f374df40be21f /user_guide_src/source | |
parent | 5a2390d4d6287f2ce35cadae4713b7dcd10fdc9b (diff) |
[ci skip] Try to mitigate BREACH attacks against CSRF tokens
Diffstat (limited to 'user_guide_src/source')
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 7284d100c..d889d4b28 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -11,6 +11,7 @@ Release Date: Not Released - Fixed an XSS vulnerability in :doc:`Security Library <libraries/security>` method ``xss_clean()``. - Added protection against timing side-channel attacks in :doc:`Security Library <libraries/security>` method ``csrf_verify()``. + - Added protection against BREACH attacks targeting the CSRF token field generated by :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_open()`. - General Changes |