This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online: https://github.com/apache/tomcat/commit/7c9a50c211cc8ccff1c7eac5592affa3fe84eadc commit 7c9a50c211cc8ccff1c7eac5592affa3fe84eadc Author: Christopher Schultz <ch...@christopherschultz.net> AuthorDate: Tue Nov 19 13:03:14 2019 -0500 Adjust changelog to reflect which releases actually contain which improvements to the CSRF prevention filter. --- webapps/docs/changelog.xml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index bc0da19..c28e432 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -48,9 +48,8 @@ <subsection name="Catalina"> <changelog> <add> - Improvements to CsrfPreventionFilter including additional - logging, making the latest nonce available in the request attributes, - and allowing the CSRF nonce request parameter name to be customized. + Improvements to CsrfPreventionFilter: additional logging, allow the + CSRF nonce request parameter name to be customized. (schultz) </add> </changgelog> @@ -86,6 +85,12 @@ <code>NullPointerException</code> when using a <code>RequestDispatcher</code>. (markt) </fix> + <add> + Improvement to CsrfPreventionFilter: expose the latest available nonce + as a request attribute; expose the expected nonce request parameter + name as a context attribute. + (schultz) + </add> </changelog> </subsection> </section> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
