Merge branch '7.20-hotfix' into 7.x

Conflicts: CHANGELOG.txt includes/bootstrap.inc
author: David Rothstein <drothstein@gmail.com> 2013-03-06 19:09:31 -0500
committer: David Rothstein <drothstein@gmail.com> 2013-03-06 19:09:31 -0500
commit: 63fc6b8f75663588327cec1f645a1826c75f4400 (patch)
tree: ebddcb2fbfdef700ebf15a5cadfac24ec6cb0800 /CHANGELOG.txt
parent: 0a9cd357b43bdb0c0c7e574a15975e662f855d8d (diff)
parent: ec59e1197a2aa37557f9a87f13ba4d90e6aabf4c (diff)
download: brdo-63fc6b8f75663588327cec1f645a1826c75f4400.tar.gz
brdo-63fc6b8f75663588327cec1f645a1826c75f4400.tar.bz2
1 files changed, 6 insertions, 1 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index c43878f04..70ed4a4ea 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,5 +1,5 @@
 
-Drupal 7.21, xxxx-xx-xx (development version)
+Drupal 7.22, xxxx-xx-xx (development version)
 -----------------------
 - Fixed a bug which caused the denial-of-service protection added in Drupal
   7.20 to break certain valid image URLs that had an extra slash in them.
@@ -32,6 +32,11 @@ Drupal 7.21, xxxx-xx-xx (development version)
   sites which use HTTPS and redirect between "www" and non-"www" versions of
   the page.
 
+Drupal 7.21, 2013-03-06
+-----------------------
+- Allowed sites using the 'image_allow_insecure_derivatives' variable to still
+  have partial protection from the security issues fixed in Drupal 7.20.
+
 Drupal 7.20, 2013-02-20
 -----------------------
 - Fixed security issues (denial of service). See SA-CORE-2013-002.
author	David Rothstein <drothstein@gmail.com>	2013-03-06 19:09:31 -0500
committer	David Rothstein <drothstein@gmail.com>	2013-03-06 19:09:31 -0500
commit	63fc6b8f75663588327cec1f645a1826c75f4400 (patch)
tree	ebddcb2fbfdef700ebf15a5cadfac24ec6cb0800 /CHANGELOG.txt
parent	0a9cd357b43bdb0c0c7e574a15975e662f855d8d (diff)
parent	ec59e1197a2aa37557f9a87f13ba4d90e6aabf4c (diff)
download	brdo-63fc6b8f75663588327cec1f645a1826c75f4400.tar.gz brdo-63fc6b8f75663588327cec1f645a1826c75f4400.tar.bz2