mirror of
https://github.com/rest-client/rest-client.git
synced 2022-11-09 13:49:40 -05:00
Add history notes for 1.8.0.
This commit is contained in:
Andy Brody
parent
d2b624702b
commit
2038aa6fc5
1 changed files with 12 additions and 0 deletions
12
history.md
12
history.md
|
|
@ -1,3 +1,15 @@
|
|||
# 1.8.0
|
||||
|
||||
- Security: implement standards compliant cookie handling by adding a
|
||||
dependency on http-cookie. This breaks compatibility, but was necessary to
|
||||
address a session fixation / cookie disclosure vulnerability.
|
||||
(#369 / CVE-2015-1820)
|
||||
|
||||
Previously, any Set-Cookie headers found in an HTTP 30x response would be
|
||||
sent to the redirection target, regardless of domain. Responses now expose a
|
||||
cookie jar and respect standards compliant domain / path flags in Set-Cookie
|
||||
headers.
|
||||
|
||||
# 1.7.3
|
||||
|
||||
- Security: redact password in URI from logs (#349 / OSVDB-117461)
|
||||
|
|
|
|||
Loading…
Reference in a new issue