[ci skip] Try to mitigate BREACH attacks against CSRF tokens

author: Andrey Andreev <narf@devilix.net> 2017-01-04 15:58:08 +0100
committer: Andrey Andreev <narf@devilix.net> 2017-01-04 15:58:08 +0100
commit: cfd52edad6a4ae84b0c34755455b5b7b164878be (patch)
tree: 5663b32bc57bb5b0c7fc68f78c2f374df40be21f /user_guide_src
parent: 5a2390d4d6287f2ce35cadae4713b7dcd10fdc9b (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 7284d100c..d889d4b28 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -11,6 +11,7 @@ Release Date: Not Released
 
    -  Fixed an XSS vulnerability in :doc:`Security Library <libraries/security>` method ``xss_clean()``.
    -  Added protection against timing side-channel attacks in :doc:`Security Library <libraries/security>` method ``csrf_verify()``.
+   -  Added protection against BREACH attacks targeting the CSRF token field generated by :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_open()`.
 
 -  General Changes
author	Andrey Andreev <narf@devilix.net>	2017-01-04 15:58:08 +0100
committer	Andrey Andreev <narf@devilix.net>	2017-01-04 15:58:08 +0100
commit	cfd52edad6a4ae84b0c34755455b5b7b164878be (patch)
tree	5663b32bc57bb5b0c7fc68f78c2f374df40be21f /user_guide_src
parent	5a2390d4d6287f2ce35cadae4713b7dcd10fdc9b (diff)