mirror of
https://github.com/rest-client/rest-client.git
synced 2022-11-09 13:49:40 -05:00
Add history notes for 1.8.0.
This commit is contained in:
Andy Brody
parent
d2b624702b
commit
2038aa6fc5
1 changed files with 12 additions and 0 deletions
12
history.md
12
history.md
|
|
@ -1,3 +1,15 @@
|
||||||
|
# 1.8.0
|
||||||
|
|
||||||
|
- Security: implement standards compliant cookie handling by adding a
|
||||||
|
dependency on http-cookie. This breaks compatibility, but was necessary to
|
||||||
|
address a session fixation / cookie disclosure vulnerability.
|
||||||
|
(#369 / CVE-2015-1820)
|
||||||
|
|
||||||
|
Previously, any Set-Cookie headers found in an HTTP 30x response would be
|
||||||
|
sent to the redirection target, regardless of domain. Responses now expose a
|
||||||
|
cookie jar and respect standards compliant domain / path flags in Set-Cookie
|
||||||
|
headers.
|
||||||
|
|
||||||
# 1.7.3
|
# 1.7.3
|
||||||
|
|
||||||
- Security: redact password in URI from logs (#349 / OSVDB-117461)
|
- Security: redact password in URI from logs (#349 / OSVDB-117461)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue