summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-08-27 11:16:52 +0200
committerAndrey Andreev <narf@devilix.net>2014-08-27 11:16:52 +0200
commitb27338ac9710cfcf69c4c99028f474aae8b28b49 (patch)
tree1e966cd3199f6f927a382de7a72b22e206854d42 /user_guide_src/source
parentc40cce63f88ca12538edc757282c1d311480776c (diff)
Fix #3189
Diffstat (limited to 'user_guide_src/source')
-rw-r--r--user_guide_src/source/changelog.rst1
1 files changed, 1 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 165ef424f..766cb3172 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -743,6 +743,7 @@ Bug fixes for 3.0
- Fixed a bug where ``CI_Xmlrpcs::parseRequest()`` could fail if ``$HTTP_RAW_POST_DATA`` is not populated.
- Fixed a bug in :doc:`Zip Library <libraries/zip>` internal method ``_get_mod_time()`` where it was not parsing result returned by ``filemtime()``.
- Fixed a bug (#3161) - :doc:`Cache Library <libraries/cache>` methods `increment()`, `decrement()` didn't auto-create non-existent items when using redis and/or file storage.
+- Fixed a bug (#3189) - :doc:`Parser Library <libraries/parser>` used double replacement on ``key->value`` pairs, exposing a potential template injection vulnerability.
Version 2.2.0
=============