summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source
diff options
context:
space:
mode:
Diffstat (limited to 'user_guide_src/source')
-rw-r--r--user_guide_src/source/changelog.rst8
1 files changed, 8 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 91a59c4cf..ca1696c42 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -7,6 +7,14 @@ Version 3.1.3
Release Date: Not Released
+- **Security**
+
+ - Fixed an XSS vulnerability in :doc:`Security Library <libraries/security>` method ``xss_clean()``.
+ - Fixed a possible file inclusion vulnerability in :doc:`Loader Library <libraries/loader>` method ``vars()``.
+ - Fixed a possible remote code execution vulnerability in the :doc:`Email Library <libraries/email>` when 'mail' or 'sendmail' are used (thanks to Paul Buonopane from `NamePros <https://www.namepros.com/>`_).
+ - Added protection against timing side-channel attacks in :doc:`Security Library <libraries/security>` method ``csrf_verify()``.
+ - Added protection against BREACH attacks targeting the CSRF token field generated by :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_open()`.
+
- General Changes
- Deprecated ``$config['allow_get_array']``.