Fix Apache header injection vulnerability in set_status_header()

commit: df33ec2e45356895c5aec0a1ebfc325c2af4f74a [log] [tgz]
author: Andrey Andreev <narf@devilix.net> Mon Mar 20 17:43:58 2017 +0200
committer: Andrey Andreev <narf@devilix.net> Mon Mar 20 17:43:58 2017 +0200
tree: e7b54b276b94264a648b332cab1b5fe0e12d1efa
parent: 62b655b92667f1e417a4f260a34ff447ddeee2c2 [diff] [blame]
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 32f2b81..d891b78 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst

@@ -9,10 +9,11 @@
 
 -  **Security**
 
-   -  Updated :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``.
+   -  Fixed a header injection vulnerability in :doc:`common function <general/common_functions>` :php:func:`set_status_header()` under Apache (thanks to Guillermo Caminer from `Flowgate <https://flowgate.net/>`_).
    -  Fixed byte-safety issues in :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) when ``mbstring.func_overload`` is enabled.
    -  Fixed byte-safety issues in :doc:`Encryption Library <libraries/encryption>` when ``mbstring.func_overload`` is enabled.
    -  Fixed byte-safety issues in :doc:`compatibility functions <general/compatibility_functions>` ``password_hash()``, ``hash_pbkdf2()`` when ``mbstring.func_overload`` is enabled.
+   -  Updated :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``.
 
 -  General Changes
commit	df33ec2e45356895c5aec0a1ebfc325c2af4f74a	[log] [tgz]
author	Andrey Andreev <narf@devilix.net>	Mon Mar 20 17:43:58 2017 +0200
committer	Andrey Andreev <narf@devilix.net>	Mon Mar 20 17:43:58 2017 +0200
tree	e7b54b276b94264a648b332cab1b5fe0e12d1efa
parent	62b655b92667f1e417a4f260a34ff447ddeee2c2 [diff] [blame]