summaryrefslogtreecommitdiffstats
path: root/user_guide/changelog.html
diff options
context:
space:
mode:
Diffstat (limited to 'user_guide/changelog.html')
-rw-r--r--user_guide/changelog.html4
1 files changed, 4 insertions, 0 deletions
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 945b10497..6eb80b38e 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -63,6 +63,10 @@ Change Log
<p>Release Date: Not Released</p>
<ul>
+ <li>Security
+ <ul>
+ <li>An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. <p>An incompatibility in PHP versions &lt; 5.2.3 and MySQL &lt; 5.0.7 with <em>mysql_set_charset()</em> creates a situation where using multi-byte character sets on these environments may potentially expose a SQL injection attack vector. Latin-1, UTF-8, and other "low ASCII" character sets are unaffected on all environments.</p> <p class="critical">If you are running or considering running a multi-byte character set for your database connection, please pay close attention to the server environment you are deploying on to ensure you are not vulnerable.</p></li>
+ </ul>
<li>General Changes
<ul>
<li>Added Session Class userdata to the output profiler. Additionally, added a show/hide toggle on HTTP Headers, Session Data and Config Variables.</li>