Merge branch 'develop-olympus' into develop-ascraeus

* develop-olympus: [prep-release-3.0.13] Bump version numbers for 3.0.13 release [prep-release-3.0.13] Highlight security relevant changes Conflicts: build/build.xml phpBB/install/database_update.php
author: Nils Adermann <naderman@naderman.de> 2015-01-26 19:01:34 +0100
committer: Nils Adermann <naderman@naderman.de> 2015-01-26 19:01:34 +0100
commit: 1c6ebcf02b2110556c811e8549e2079afab5ec7b (patch)
tree: 9a5473407a7785276478e93130e0f3e7779d2caf /phpBB/docs
parent: ffbe8cdc96004c17d57e40b8d66375b01cf01a14 (diff)
parent: ebd5aace3fd556d6b588b07329a7eed37997045b (diff)
download: forums-1c6ebcf02b2110556c811e8549e2079afab5ec7b.tar
forums-1c6ebcf02b2110556c811e8549e2079afab5ec7b.tar.gz
forums-1c6ebcf02b2110556c811e8549e2079afab5ec7b.tar.bz2
forums-1c6ebcf02b2110556c811e8549e2079afab5ec7b.tar.xz
forums-1c6ebcf02b2110556c811e8549e2079afab5ec7b.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 8d2dbd3755..807ee95988 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -2097,6 +2097,11 @@
 
 	<a name="v3012"></a><h3>1.xvii. Changes since 3.0.12</h3>
 
+<h4>Security</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13531">PHPBB3-13531</a>] - Disallow trailing paths (e.g. using the PATH_INFO feature) to prevent path-relative CSS injection</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13526">PHPBB3-13526</a>] - Correctly validate ucp_pm_options form key</li>
+</ul>
 <h4>Bug</h4>
 <ul>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-6703">PHPBB3-6703</a>] - Problem with russian letter while converting from 2.0.x</li>
@@ -2178,7 +2183,6 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13376">PHPBB3-13376</a>] - deregister_globals() does not work correctly when $_COOKIE['GLOBALS'] - is specified</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13519">PHPBB3-13519</a>] - Correctly validate imagick path as path and not string</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13523">PHPBB3-13523</a>] - PHP 5.2 Unit Tests no longer work due to deprecated PHPUnit PEAR channel</li>
-<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13526">PHPBB3-13526</a>] - Correctly validate ucp_pm_options form key</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13527">PHPBB3-13527</a>] - Escape information received from version server</li>
 </ul>
 <h4>Improvement</h4>
@@ -2201,7 +2205,6 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12247">PHPBB3-12247</a>] - include poster's username in email notifications of posts that get approved by moderators</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12259">PHPBB3-12259</a>] - Too many redundant tests are run on Travis</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12468">PHPBB3-12468</a>] - Allow mbstring.http_input='' besides 'pass' for PHP 5.6 compatibility</li>
-<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13531">PHPBB3-13531</a>] - Disallow trailing paths (e.g. using the PATH_INFO feature)</li>
 </ul>
 <h4>Task</h4>
 <ul>
author	Nils Adermann <naderman@naderman.de>	2015-01-26 19:01:34 +0100
committer	Nils Adermann <naderman@naderman.de>	2015-01-26 19:01:34 +0100
commit	1c6ebcf02b2110556c811e8549e2079afab5ec7b (patch)
tree	9a5473407a7785276478e93130e0f3e7779d2caf /phpBB/docs
parent	ffbe8cdc96004c17d57e40b8d66375b01cf01a14 (diff)
parent	ebd5aace3fd556d6b588b07329a7eed37997045b (diff)
download	forums-1c6ebcf02b2110556c811e8549e2079afab5ec7b.tar forums-1c6ebcf02b2110556c811e8549e2079afab5ec7b.tar.gz forums-1c6ebcf02b2110556c811e8549e2079afab5ec7b.tar.bz2 forums-1c6ebcf02b2110556c811e8549e2079afab5ec7b.tar.xz forums-1c6ebcf02b2110556c811e8549e2079afab5ec7b.zip