Change anti-CSRF security token lifetime to be session-based

[squirrelmail.git] / doc / ChangeLog

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 75a53d1eb72c873720270be7e490a337293360f9..58de4e7e6e24bf79163700ece8a0fc0604735d47 100644 (file)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -415,6 +415,11 @@ Version 1.5.2 - SVN
   - Add ability for saved drafts to indicate if they are a reply
     or forward and if so, to which message, and mark that message
     as replied or forwarded when the draft is finally sent
+  - Added option to allow returning to the message one had been
+    replying to after sending 
+  - Sanitize user-supplied attachment filenames (thanks to Florian
+    Grunow for reporting this issue) [CVE-2018-8741]
+  - Changed anti-CSRF security token lifetime to be session-based.
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------