granicus.if.org Git - php/commitdiff
ChangeLog update
author <changelog@php.net> <>
Sun, 17 Jun 2007 01:31:17 +0000 (01:31 +0000)
committer <changelog@php.net> <>
Sun, 17 Jun 2007 01:31:17 +0000 (01:31 +0000)
ChangeLog

index 4a00d1170c0a75b8cd7f5f9b2491281f5dcadc0c..c3be31cfbd4bae2d371c2927cc0124124dfc6ce5 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2007-06-16  Stefan Esser  <php@nopiracy.de>
+
+    * ext/session/session.c:
+      Fix attribute injection security bug correctly by URL encoding session
+      name and session value. (in future maybe encode path/domain, too)
+      
+      Remove backward compatibility breaking blacklist of characters.
+
 2007-06-15  Stanislav Malyshev  <stas@zend.com>
 
     * ext/session/session.c
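
Review bot: The parenthetical on the new entry, "(in future maybe encode path/domain, too)", says that path and domain are not yet encoded, so the "correctly" in the line above covers only the session name and session value. State that limit in the entry itself, or track the path/domain encoding as a follow-up so it does not stay buried in a ChangeLog aside. The "Remove backward compatibility breaking blacklist of characters" line names neither the characters nor the earlier change it undoes, which someone auditing ext/session/session.c would need. Minor: the added blank line inside the entry carries trailing whitespace, and the file line ends with a colon while the 2007-06-15 entry below writes "* ext/session/session.c" without one.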