Fix CSRF attacks against the preferences and edit forms. Closes: #475445

[ikiwiki.git] / debian / changelog

diff --git a/debian/changelog b/debian/changelog
index d4a1f24719026574c08fd297cda88182d941c5c5..9085d97cb6c0167186faaf220b9949ea5b857f73 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+ikiwiki (2.42) UNRELEASED; urgency=low
+
+  * aggregate: Correct a mistake in the code that dummy up a guid for feeds
+    lacking one.
+  * inline: Correct handling of urls relative to baseurl in feeds.
+  * Fix CSRF attacks against the preferences and edit forms. The fix involved
+    embedding the session id in the forms, and not allowing the forms to be
+    submitted if the embedded id does not match the session id. Closes: #475445
+
+ -- Joey Hess <joeyh@debian.org>  Thu, 03 Apr 2008 02:35:39 -0400
+
 ikiwiki (2.41) unstable; urgency=low
 
   [ Adeodato Simó ]