From 0697d17d121fcf9f46b5dd2dd1034dffa19ebdf2 Mon Sep 17 00:00:00 2001 From: rick Date: Tue, 6 May 2008 00:42:24 -0700 Subject: Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [#73 state:resolved] --- actionpack/CHANGELOG | 2 ++ 1 file changed, 2 insertions(+) (limited to 'actionpack/CHANGELOG') diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 54030047ba..87f570d55c 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [rick] + * Fixed that TextHelper#text_field would corrypt when raw HTML was used as the value (mchenryc, Kevin Glowacz) [#80] * Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) [DHH] -- cgit v1.2.3 From b60c8a573e63998b4aa3f93a1728bb9b6c6fb8f9 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Sun, 11 May 2008 18:29:44 -0500 Subject: Making ready for RC1 release --- actionpack/CHANGELOG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/CHANGELOG') diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 2caaa40bf6..e867666621 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,4 +1,4 @@ -*SVN* +*2.1.0 RC1 (May 11th, 2008)* * Fixed that forgery protection can be used without session tracking (Peter Jones) [#139] -- cgit v1.2.3
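Review bot: the added CHANGELOG line in the first hunk ("* Change the request forgery protection to go by Content-Type instead of request.format ... [rick]") omits the ticket reference that the commit subject carries ([#73]), while the entry directly below it cites its ticket ([#80]). Append [#73] so the fix can be traced from the changelog. Because this entry records a change in when forgery protection applies, it should also state the upgrade impact in one clause: a POST is no longer exempted by a ".xml" suffix on the URL, so a client that relied on that suffix must now send the Content-Type that matches its request body. This diff is limited to actionpack/CHANGELOG, so the code change and its tests are not visible here and need to be reviewed alongside this entry.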