1
0
Fork 0
mirror of https://github.com/rest-client/rest-client.git synced 2022-11-09 13:49:40 -05:00

Add history notes for 1.8.0.

This commit is contained in:
Andy Brody 2015-03-22 18:10:06 -07:00
parent d2b624702b
commit 2038aa6fc5

View file

@ -1,3 +1,15 @@
# 1.8.0
- Security: implement standards compliant cookie handling by adding a
dependency on http-cookie. This breaks compatibility, but was necessary to
address a session fixation / cookie disclosure vulnerability.
(#369 / CVE-2015-1820)
Previously, any Set-Cookie headers found in an HTTP 30x response would be
sent to the redirection target, regardless of domain. Responses now expose a
cookie jar and respect standards compliant domain / path flags in Set-Cookie
headers.
# 1.7.3
- Security: redact password in URI from logs (#349 / OSVDB-117461)