From 2038aa6fc5e9c0ec0ae492b31354b9b474c44c12 Mon Sep 17 00:00:00 2001 From: Andy Brody Date: Sun, 22 Mar 2015 18:10:06 -0700 Subject: [PATCH] Add history notes for 1.8.0. --- history.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/history.md b/history.md index 4714e2b..56d9e87 100644 --- a/history.md +++ b/history.md @@ -1,3 +1,15 @@ +# 1.8.0 + +- Security: implement standards compliant cookie handling by adding a + dependency on http-cookie. This breaks compatibility, but was necessary to + address a session fixation / cookie disclosure vulnerability. + (#369 / CVE-2015-1820) + + Previously, any Set-Cookie headers found in an HTTP 30x response would be + sent to the redirection target, regardless of domain. Responses now expose a + cookie jar and respect standards compliant domain / path flags in Set-Cookie + headers. + # 1.7.3 - Security: redact password in URI from logs (#349 / OSVDB-117461)
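Review bot: the new 1.8.0 entry states that the http-cookie change "breaks compatibility" but never says what breaks or how callers adapt, which is exactly what a reader of history.md deciding whether to take this security upgrade needs. Consider spelling out the observable change (cookies from a 30x response are no longer forwarded to a redirect target on another domain; cookies must now be read from the response's cookie jar, which honours Set-Cookie domain and path attributes) and, if there is one, the replacement for whatever API or behaviour callers relied on before. It would also help to name the minimum http-cookie version that becomes a dependency, since the entry records the new dependency without a version.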