diff options
author | David Rothstein <drothstein@gmail.com> | 2013-03-06 19:09:31 -0500 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2013-03-06 19:09:31 -0500 |
commit | 63fc6b8f75663588327cec1f645a1826c75f4400 (patch) | |
tree | ebddcb2fbfdef700ebf15a5cadfac24ec6cb0800 /CHANGELOG.txt | |
parent | 0a9cd357b43bdb0c0c7e574a15975e662f855d8d (diff) | |
parent | ec59e1197a2aa37557f9a87f13ba4d90e6aabf4c (diff) | |
download | brdo-63fc6b8f75663588327cec1f645a1826c75f4400.tar.gz brdo-63fc6b8f75663588327cec1f645a1826c75f4400.tar.bz2 |
Merge branch '7.20-hotfix' into 7.x
Conflicts:
CHANGELOG.txt
includes/bootstrap.inc
Diffstat (limited to 'CHANGELOG.txt')
-rw-r--r-- | CHANGELOG.txt | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index c43878f04..70ed4a4ea 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,5 +1,5 @@ -Drupal 7.21, xxxx-xx-xx (development version) +Drupal 7.22, xxxx-xx-xx (development version) ----------------------- - Fixed a bug which caused the denial-of-service protection added in Drupal 7.20 to break certain valid image URLs that had an extra slash in them. @@ -32,6 +32,11 @@ Drupal 7.21, xxxx-xx-xx (development version) sites which use HTTPS and redirect between "www" and non-"www" versions of the page. +Drupal 7.21, 2013-03-06 +----------------------- +- Allowed sites using the 'image_allow_insecure_derivatives' variable to still + have partial protection from the security issues fixed in Drupal 7.20. + Drupal 7.20, 2013-02-20 ----------------------- - Fixed security issues (denial of service). See SA-CORE-2013-002. |