diff options
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 613640f60..9085d97cb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,9 @@ ikiwiki (2.42) UNRELEASED; urgency=low * aggregate: Correct a mistake in the code that dummy up a guid for feeds lacking one. * inline: Correct handling of urls relative to baseurl in feeds. + * Fix CSRF attacks against the preferences and edit forms. The fix involved + embedding the session id in the forms, and not allowing the forms to be + submitted if the embedded id does not match the session id. Closes: #475445 -- Joey Hess <joeyh@debian.org> Thu, 03 Apr 2008 02:35:39 -0400 |