From ec8dbbb79bb083acd1cf6beff5abea055b583db5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 4 Jan 2017 17:01:44 +0200 Subject: Fix a possible file inclusion vulnerability in CI_Loader::vars() --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index d889d4b28..fff17110e 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -10,6 +10,7 @@ Release Date: Not Released - **Security** - Fixed an XSS vulnerability in :doc:`Security Library ` method ``xss_clean()``. + - Fixed a possible file inclusion vulnerability in :doc:`Loader Library ` method ``vars()``. - Added protection against timing side-channel attacks in :doc:`Security Library ` method ``csrf_verify()``. - Added protection against BREACH attacks targeting the CSRF token field generated by :doc:`Form Helper ` function :php:func:`form_open()`. -- cgit v1.2.3-24-g4f1b