X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/609e74bbd83925d2eea797a64620a20f57df75a5..72b5ef2c5fb01751992c9400afe2690da5df611f:/debian/changelog?ds=sidebyside diff --git a/debian/changelog b/debian/changelog index 613640f60..9085d97cb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,9 @@ ikiwiki (2.42) UNRELEASED; urgency=low * aggregate: Correct a mistake in the code that dummy up a guid for feeds lacking one. * inline: Correct handling of urls relative to baseurl in feeds. + * Fix CSRF attacks against the preferences and edit forms. The fix involved + embedding the session id in the forms, and not allowing the forms to be + submitted if the embedded id does not match the session id. Closes: #475445 -- Joey Hess Thu, 03 Apr 2008 02:35:39 -0400
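Review bot: The added changelog lines record a security fix (CSRF against the preferences and edit forms), but the stanza header in the hunk context still reads urgency=low; consider raising the urgency before upload so the fix is not delayed in migration. Since the entry says the session id itself is embedded in the forms, that id now appears in rendered HTML, so it is worth confirming those pages are never cached or logged, or embedding a separate token derived from the session instead. The entry names only the preferences and edit forms; if other state-changing forms exist, say whether they are covered.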