You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by sc...@apache.org on 2019/11/19 18:03:50 UTC
[tomcat] branch master updated: Adjust changelog to reflect which
releases actually contain which improvements to the CSRF prevention filter.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 1f5b578 Adjust changelog to reflect which releases actually contain which improvements to the CSRF prevention filter.
1f5b578 is described below
commit 1f5b578669cd016d599d711f48d28e53573c72d1
Author: Christopher Schultz <ch...@christopherschultz.net>
AuthorDate: Tue Nov 19 13:03:14 2019 -0500
Adjust changelog to reflect which releases actually contain which
improvements to the CSRF prevention filter.
---
webapps/docs/changelog.xml | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 84377f6..3f70beb 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -52,9 +52,8 @@
example in the JSP section of the examples web application. (markt)
</fix>
<add>
- Improvements to CsrfPreventionFilter including additional
- logging, making the latest nonce available in the request attributes,
- and allowing the CSRF nonce request parameter name to be customized.
+ Improvements to CsrfPreventionFilter: additional logging, allow the
+ CSRF nonce request parameter name to be customized.
(schultz)
</add>
</changelog>
@@ -66,6 +65,12 @@
<fix>
Refactor JMX remote RMI registry creation. (remm)
</fix>
+ <add>
+ Improvement to CsrfPreventionFilter: expose the latest available nonce
+ as a request attribute; expose the expected nonce request parameter
+ name as a context attribute.
+ (schultz)
+ </add>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org