X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=Changes;h=a1b4d27c96cde7fef96e45bdf9e70b7a8d02b488;hb=0810283f5e3c710d09ab56ceb8fb0b6bfbe3bbe9;hp=9f8bffe9db4367a128dc08608da8dd5bb35a7921;hpb=1893c1946e7cc5bb493241d8c9e783a02147f8b4;p=catagits%2FCatalyst-Runtime.git

diff --git a/Changes b/Changes
index 9f8bffe..a1b4d27 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,39 @@
 # This file documents the revision history for Perl extension Catalyst.
 
+5.90075 - 2014-10-06
+  - Documentation patch for $c->req->param to point out the recently discovered
+    potential security issues: http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
+  - You don't need to install this update, but you should read about the exploit
+    and review if your code is vulnerable.  If you use the $c->req->param interface
+    you really need to review this exploit.
+
+5.90074 - 2014-10-01
+  - Specify Carp minimum version to avoid pointless test fails (valy++)
+
+5.90073 - 2014-09-23
+  - Fixed a regression caused by the last release where we broke what happened
+    when you tried to set request parameters via $c->req->param('foo', 'bar').
+    You shouldn't do this, but I guess I shouldn't have busted it either :)
+  - Allow the term_width to be regenerated (see Catalyst::Utils::term_width,
+    Frew Schmidt)
+  - More aggressive skipping of value decoding if the value is undefined.
+
+5.90072 - 2014-09-15
+  - In the case where you call $c->req->param(undef), warn with a more useful
+    warning (now gives the line of your code that called param with the undef,
+    so you can go to hunt it out.
+
+5.90071 - 2014-08-10
+  - Travis config now performs basic reverse dependency testing.
+  - Restored deprecated 'env' code in Engine.pm b/c it is still being used out
+    in the wild (Catalyst-Plugin-Authentication-0.10023) - (removed in 5.90070)
+  - Reverted changes to debug log/handling (5.90069_003) to fix
+    rev dep Catalyst-Plugin-Static-Simple-0.32 test suite.
+  - Added italian translation of default error.
+
+5.90070 - 2014-08-07
+  - Retagged previous release as stable; no changes
+
 5.90069_004
   - Fixed typo in middleware stash that was causing older Perls to fail
     certain tests.  No other changes.