diff options
author | Andrey Andreev <narf@devilix.net> | 2014-08-27 11:16:52 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-08-27 11:16:52 +0200 |
commit | b27338ac9710cfcf69c4c99028f474aae8b28b49 (patch) | |
tree | 1e966cd3199f6f927a382de7a72b22e206854d42 /user_guide_src/source | |
parent | c40cce63f88ca12538edc757282c1d311480776c (diff) |
Fix #3189
Diffstat (limited to 'user_guide_src/source')
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 165ef424f..766cb3172 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -743,6 +743,7 @@ Bug fixes for 3.0 - Fixed a bug where ``CI_Xmlrpcs::parseRequest()`` could fail if ``$HTTP_RAW_POST_DATA`` is not populated. - Fixed a bug in :doc:`Zip Library <libraries/zip>` internal method ``_get_mod_time()`` where it was not parsing result returned by ``filemtime()``. - Fixed a bug (#3161) - :doc:`Cache Library <libraries/cache>` methods `increment()`, `decrement()` didn't auto-create non-existent items when using redis and/or file storage. +- Fixed a bug (#3189) - :doc:`Parser Library <libraries/parser>` used double replacement on ``key->value`` pairs, exposing a potential template injection vulnerability. Version 2.2.0 ============= |