From: Date: Sun, 17 Jun 2007 01:31:17 +0000 (+0000) Subject: ChangeLog update X-Git-Tag: BEFORE_IMPORT_OF_MYSQLND~442 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bb433c26c140d3b6d18036931956925e0adfeea1;p=php ChangeLog update --- diff --git a/ChangeLog b/ChangeLog index 4a00d1170c..c3be31cfbd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2007-06-16 Stefan Esser + + * ext/session/session.c: + Fix attribute injection security bug correctly by URL encoding session + name and session value. (in future maybe encode path/domain, too) + + Remove backward compatibility breaking blacklist of characters. + 2007-06-15 Stanislav Malyshev * ext/session/session.c
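Review bot: In the added 2007-06-16 entry, the parenthetical "(in future maybe encode path/domain, too)" says path and domain are still not URL encoded, which sits awkwardly next to "Fix attribute injection security bug correctly". I would state plainly that the fix covers the session name and session value only, and list path/domain encoding as an open item rather than a "maybe". The second item, "Remove backward compatibility breaking blacklist of characters", does not say which characters were on the blacklist; naming them would let anyone reading the ChangeLog judge how behaviour in ext/session/session.c changes.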