diff options
| author | David Rothstein <drothstein@gmail.com> | 2015-10-03 15:13:35 -0400 |
|---|---|---|
| committer | David Rothstein <drothstein@gmail.com> | 2015-10-03 15:13:35 -0400 |
| commit | c9d188950508f104a8115ec7a78335607d9b6037 (patch) | |
| tree | 0a9c32d16f83baab39d252a5f69bf4bcf87dc725 /CHANGELOG.txt | |
| parent | 47d24ed171bcb4c6aca409ce8af0844a06520f5c (diff) | |
| download | brdo-c9d188950508f104a8115ec7a78335607d9b6037.tar.gz brdo-c9d188950508f104a8115ec7a78335607d9b6037.tar.bz2 | |
Issue #462950 by pwolanin, Pere Orga: Mitigate the security risks that come from IE, Chrome and other browsers trying to sniff the mime type
Diffstat (limited to 'CHANGELOG.txt')
| -rw-r--r-- | CHANGELOG.txt | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 23b66697d..069595046 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,6 +1,8 @@ Drupal 7.40, xxxx-xx-xx (development version) ----------------------- +- Set the X-Content-Type-Options header to "nosniff" when possible, to prevent + certain web browsers from picking an unsafe MIME type. - Prevented the database API from executing multiple queries at once on MySQL, if the site's PHP version is new enough to do so. This is a secondary defense against SQL injection attacks. |