Close #3292

commit: 815ac8a3be770b7de7a805a551f136cc6bb9f83c [log] [tgz]
author: Andrey Andreev <narf@devilix.net> Tue Oct 28 21:32:20 2014 +0200
committer: Andrey Andreev <narf@devilix.net> Tue Oct 28 21:32:20 2014 +0200
tree: c605ac9dae927bb3e85ce618e140cb9942eede0f
parent: 98251706c81a7ca6057430c7c6a56ee4dfbe10a0 [diff] [blame]
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index f57e244..909c3bc 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst

@@ -503,6 +503,7 @@
       -  Removed internal method ``_assign_to_config()`` and moved its implementation to *CodeIgniter.php* instead.
       -  ``item()`` now returns NULL instead of FALSE when the required config item doesn't exist.
       -  Added an optional second parameter to both ``base_url()`` and ``site_url()`` that allows enforcing of a protocol different than the one in the *base_url* configuration setting.
+      -  Added HTTP "Host" header character validation to prevent cache poisoning attacks when ``base_url`` auto-detection is used.
 
    -  :doc:`Security Library <libraries/security>` changes include:
commit	815ac8a3be770b7de7a805a551f136cc6bb9f83c	[log] [tgz]
author	Andrey Andreev <narf@devilix.net>	Tue Oct 28 21:32:20 2014 +0200
committer	Andrey Andreev <narf@devilix.net>	Tue Oct 28 21:32:20 2014 +0200
tree	c605ac9dae927bb3e85ce618e140cb9942eede0f
parent	98251706c81a7ca6057430c7c6a56ee4dfbe10a0 [diff] [blame]