tornado/docs/releases/v1.1.1.rst

What's new in Tornado 1.1.1
===========================

Feb 8, 2011
-----------

::

    Tornado 1.1.1 is a BACKWARDS-INCOMPATIBLE security update that fixes an
    XSRF vulnerability.  It is available at
    https://github.com/downloads/facebook/tornado/tornado-1.1.1.tar.gz

    This is a backwards-incompatible change.  Applications that previously
    relied on a blanket exception for XMLHTTPRequest may need to be modified
    to explicitly include the XSRF token when making ajax requests.

    The tornado chat demo application demonstrates one way of adding this
    token (specifically the function postJSON in demos/chat/static/chat.js).

    More information about this change and its justification can be found at
    http://www.djangoproject.com/weblog/2011/feb/08/security/
    http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
Add past release notes to sphinx docs 2011-06-12 04:32:45 +00:00			`What's new in Tornado 1.1.1`
			`===========================`

			`Feb 8, 2011`
			`-----------`

			`::`
Use https for all links to github. Github redirects everything to https anyway, so the links might as well start out secure. 2012-06-04 00:37:36 +00:00
Add past release notes to sphinx docs 2011-06-12 04:32:45 +00:00			`Tornado 1.1.1 is a BACKWARDS-INCOMPATIBLE security update that fixes an`
			`XSRF vulnerability. It is available at`
Use https for all links to github. Github redirects everything to https anyway, so the links might as well start out secure. 2012-06-04 00:37:36 +00:00			`https://github.com/downloads/facebook/tornado/tornado-1.1.1.tar.gz`

Add past release notes to sphinx docs 2011-06-12 04:32:45 +00:00			`This is a backwards-incompatible change. Applications that previously`
			`relied on a blanket exception for XMLHTTPRequest may need to be modified`
			`to explicitly include the XSRF token when making ajax requests.`
Use https for all links to github. Github redirects everything to https anyway, so the links might as well start out secure. 2012-06-04 00:37:36 +00:00
Add past release notes to sphinx docs 2011-06-12 04:32:45 +00:00			`The tornado chat demo application demonstrates one way of adding this`
			`token (specifically the function postJSON in demos/chat/static/chat.js).`
Use https for all links to github. Github redirects everything to https anyway, so the links might as well start out secure. 2012-06-04 00:37:36 +00:00
Add past release notes to sphinx docs 2011-06-12 04:32:45 +00:00			`More information about this change and its justification can be found at`
			`http://www.djangoproject.com/weblog/2011/feb/08/security/`
			`http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails`