X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=Changes;h=a1b4d27c96cde7fef96e45bdf9e70b7a8d02b488;hb=0810283f5e3c710d09ab56ceb8fb0b6bfbe3bbe9;hp=e571b5ec95802810b77af6f51867406b6f3d10ed;hpb=ad9e8de94e240b8668b084ec2714deead7921a98;p=catagits%2FCatalyst-Runtime.git

diff --git a/Changes b/Changes
index e571b5e..a1b4d27 100644
--- a/Changes
+++ b/Changes
@@ -1,7 +1,27 @@
 # This file documents the revision history for Perl extension Catalyst.
 
+5.90075 - 2014-10-06
+  - Documentation patch for $c->req->param to point out the recently discovered
+    potential security issues: http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
+  - You don't need to install this update, but you should read about the exploit
+    and review if your code is vulnerable.  If you use the $c->req->param interface
+    you really need to review this exploit.
+
+5.90074 - 2014-10-01
+  - Specify Carp minimum version to avoid pointless test fails (valy++)
+
+5.90073 - 2014-09-23
+  - Fixed a regression caused by the last release where we broke what happened
+    when you tried to set request parameters via $c->req->param('foo', 'bar').
+    You shouldn't do this, but I guess I shouldn't have busted it either :)
   - Allow the term_width to be regenerated (see Catalyst::Utils::term_width,
     Frew Schmidt)
+  - More aggressive skipping of value decoding if the value is undefined.
+
+5.90072 - 2014-09-15
+  - In the case where you call $c->req->param(undef), warn with a more useful
+    warning (now gives the line of your code that called param with the undef,
+    so you can go to hunt it out.
 
 5.90071 - 2014-08-10
   - Travis config now performs basic reverse dependency testing.