Clarified support of $config['csrf_exclude_uris'] support in v3.0 (#236)
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 8a6c922..f8eb596 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -148,6 +148,7 @@
- If property maintain_ratio is set to TRUE, image_reproportion() now doesn't need both width and height to be specified.
- Removed SHA1 function in the :doc:`Encryption Library <libraries/encryption>`.
- Added $config['csrf_regeneration'] to the CSRF protection in the :doc:`Security library <libraries/security>`, which makes token regeneration optional.
+ - Added $config['csrf_exclude_uris'] to the CSRF protection in the :doc:`Security library <libraries/security>`, which allows you list URIs which will not have the CSRF validation functions run.
- :doc:`Form Validation library <libraries/form_validation>` changes include:
- Added method error_array() to return all error messages as an array.
- Added method set_data() to set an alternative data array to be validated instead of the default $_POST.
@@ -453,7 +454,6 @@
- Added insert_batch() function to the PostgreSQL database driver.
Thanks to epallerols for the patch.
- Added "application/x-csv" to mimes.php.
- - Added CSRF protection URI whitelisting.
- Fixed a bug where :doc:`Email library <libraries/email>`
attachments with a "." in the name would using invalid MIME-types.