X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Runtime.git;a=blobdiff_plain;f=Changes;h=231624d2f09b8d18183634f92f9cf9c4b25d45c1;hp=93e194f14be65440c42c4ff9e130d42d92db05d4;hb=32ed98de51991a84501ab4d32ff4db4fb7f128ad;hpb=c0d561c143f688e7fb322fcf0b2e8ca64022e7d8

diff --git a/Changes b/Changes
index 93e194f..231624d 100644
--- a/Changes
+++ b/Changes
@@ -19,6 +19,25 @@
     subject to utf8 decoding (or as specificed via the encoding configuration value).
   - lots of UTF8 changes.  Again we think this is now more correct but please test.
 
+5.90077 - 2014-11-18
+  - We store the PSGI $env in Catalyst::Engine for backcompat reasons.  Changed
+    this so that the storage is a weak reference, so that it goes out of scope
+    with the request.  This solves an issue where items in the stash (now in the
+    PSGI env) would not get closed at the end of the request.  This caused some
+    regression, primarily in custom testing classes.
+
+5.90076 - 2014-11-13
+  - If throwing an exception object that does the code method, make sure that
+    method returns an expected HTTP status code before passing it on to the
+    HTTP Exception middleware.
+
+5.90075 - 2014-10-06
+  - Documentation patch for $c->req->param to point out the recently discovered
+    potential security issues: http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
+  - You don't need to install this update, but you should read about the exploit
+    and review if your code is vulnerable.  If you use the $c->req->param interface
+    you really need to review this exploit.
+
 5.90074 - 2014-10-01
   - Specify Carp minimum version to avoid pointless test fails (valy++)