Give credit to Joost Pol for reporting the security issue.

2014-05-05 22:44:01 -04:00 · 2014-05-05 22:44:01 -04:00 · 636965fda0
parent 9896931862
commit 636965fda0
1 changed files with 2 additions and 0 deletions
--- a/docs/releases/v3.2.1.rst
+++ b/docs/releases/v3.2.1.rst
@ -19,6 +19,8 @@ Security fixes
  by default until they expire.  Applications that may be vulnerable
  can reject all cookies in the older format by passing ``min_version=2``
  to `.RequestHandler.get_secure_cookie`.
+* Thanks to Joost Pol of `Certified Secure <https://www.certifiedsecure.com>`_
+  for reporting this issue.

 Backwards-compatibility notes
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~