Merge branch 'master' of git@github.com:lifo/docrails

author: TomK32 <tomk32@tomk32.de> 2008-05-16 11:13:32 +0200
committer: TomK32 <tomk32@tomk32.de> 2008-05-16 11:13:32 +0200
commit: fa0cca368f74119b561595cc6ca7454f7debdf6b (patch)
tree: 85022a5047c4d8da55a981cc3c1b8cc65f1adcd8 /actionpack/CHANGELOG
parent: f16c22040d5b66cb285fbd9a90858294376192bb (diff)
parent: 4e2bc02163aa646ab1304b1b5bec98a7af8927f5 (diff)
download: rails-fa0cca368f74119b561595cc6ca7454f7debdf6b.tar.gz
rails-fa0cca368f74119b561595cc6ca7454f7debdf6b.tar.bz2
rails-fa0cca368f74119b561595cc6ca7454f7debdf6b.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 2caaa40bf6..4a24d2f8b9 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,9 +1,10 @@
-*SVN*
+*2.1.0 RC1 (May 11th, 2008)*
 
 * Fixed that forgery protection can be used without session tracking (Peter Jones) [#139]
 
 * Added session(:on) to turn session management back on in a controller subclass if the superclass turned it off (Peter Jones) [#136]
 
+* Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [rick]
 * InstanceTag#default_time_from_options with hash args uses Time.current as default; respects hash settings when time falls in system local spring DST gap [Geoff Buesing]
 
 * select_date defaults to Time.zone.today when config.time_zone is set [Geoff Buesing]
author	TomK32 <tomk32@tomk32.de>	2008-05-16 11:13:32 +0200
committer	TomK32 <tomk32@tomk32.de>	2008-05-16 11:13:32 +0200
commit	fa0cca368f74119b561595cc6ca7454f7debdf6b (patch)
tree	85022a5047c4d8da55a981cc3c1b8cc65f1adcd8 /actionpack/CHANGELOG
parent	f16c22040d5b66cb285fbd9a90858294376192bb (diff)
parent	4e2bc02163aa646ab1304b1b5bec98a7af8927f5 (diff)
download	rails-fa0cca368f74119b561595cc6ca7454f7debdf6b.tar.gz rails-fa0cca368f74119b561595cc6ca7454f7debdf6b.tar.bz2 rails-fa0cca368f74119b561595cc6ca7454f7debdf6b.zip