author Andrey Andreev <narf@devilix.net> 2017-01-04 15:58:08 +0100
committer Andrey Andreev <narf@devilix.net> 2017-01-04 15:58:08 +0100
commit cfd52edad6a4ae84b0c34755455b5b7b164878be
tree 5663b32bc57bb5b0c7fc68f78c2f374df40be21f /user_guide_src
parent 5a2390d4d6287f2ce35cadae4713b7dcd10fdc9b
[ci skip] Try to mitigate BREACH attacks against CSRF tokens
Diffstat (limited to 'user_guide_src')
-rw-r--r-- user_guide_src/source/changelog.rst 1
1 files changed, 1 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 7284d100c..d889d4b28 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -11,6 +11,7 @@ Release Date: Not Released
- Fixed an XSS vulnerability in :doc:`Security Library <libraries/security>` method ``xss_clean()``.
- Added protection against timing side-channel attacks in :doc:`Security Library <libraries/security>` method ``csrf_verify()``.
+ - Added protection against BREACH attacks targeting the CSRF token field generated by :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_open()`.
- General Changes
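Review bot: The added changelog line says "Added protection against BREACH attacks", which is stronger than the commit subject "Try to mitigate BREACH attacks against CSRF tokens"; wording it as a mitigation would keep readers from treating the issue as closed. The entry names only the CSRF token field generated by form_open(), so it should also state whether tokens placed into responses by other means are affected, and say in a few words what the mitigation does, since the diff shown here is limited to user_guide_src and the code change itself is not visible.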