This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new 1f5b578  Adjust changelog to reflect which releases actually contain 
which improvements to the CSRF prevention filter.
1f5b578 is described below

commit 1f5b578669cd016d599d711f48d28e53573c72d1
Author: Christopher Schultz <ch...@christopherschultz.net>
AuthorDate: Tue Nov 19 13:03:14 2019 -0500

    Adjust changelog to reflect which releases actually contain which
    improvements to the CSRF prevention filter.
---
 webapps/docs/changelog.xml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 84377f6..3f70beb 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -52,9 +52,8 @@
         example in the JSP section of the examples web application. (markt)
       </fix>
       <add>
-        Improvements to CsrfPreventionFilter including additional
-        logging, making the latest nonce available in the request attributes,
-        and allowing the CSRF nonce request parameter name to be customized.
+        Improvements to CsrfPreventionFilter: additional logging, allow the
+        CSRF nonce request parameter name to be customized.
         (schultz)
       </add>
     </changelog>
@@ -66,6 +65,12 @@
       <fix>
        Refactor JMX remote RMI registry creation. (remm)
       </fix>
+      <add>
+        Improvement to CsrfPreventionFilter: expose the latest available nonce
+        as a request attribute; expose the expected nonce request parameter
+        name as a context attribute.
+        (schultz)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Coyote">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to