Diffstat (limited to 'actionpack/CHANGELOG')
-rw-r--r-- actionpack/CHANGELOG 1
1 files changed, 1 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index e867666621..4a24d2f8b9 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -4,6 +4,7 @@
* Added session(:on) to turn session management back on in a controller subclass if the superclass turned it off (Peter Jones) [#136]
+* Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [rick]
* InstanceTag#default_time_from_options with hash args uses Time.current as default; respects hash settings when time falls in system local spring DST gap [Geoff Buesing]
* select_date defaults to Time.zone.today when config.time_zone is set [Geoff Buesing]
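Review bot: the added entry (the "+" line about request forgery protection) documents the bypass being closed but not the resulting behaviour change for callers. It says the check now goes by Content-Type instead of request.format, yet it does not state which content types are still exempt from verification, so a reader upgrading cannot tell whether a legitimate client that POSTs to an ".xml" URL with a form-encoded body will now be rejected. Suggest extending the entry with one clause that names the content types still skipped and notes that the format suffix alone no longer skips the check. This view is limited to actionpack/CHANGELOG, so the code and test changes that back the entry are not visible here and should be reviewed alongside it.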