updated CHANGELOG for 3.4.14

2018-08-01 16:47:43 +02:00 · 2018-08-01 16:47:43 +02:00 · 22cb50a7ad
parent bcf5897bb1
commit 22cb50a7ad
1 changed files with 10 additions and 0 deletions
--- a/CHANGELOG-3.4.md
+++ b/CHANGELOG-3.4.md
@ -7,6 +7,16 @@ in 3.4 minor versions.
 To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
 To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v3.4.0...v3.4.1

+* 3.4.14 (2018-08-01)
+
+ * security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas)
+ * security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas)
+ * bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet (netiul)
+ * bug #28007 [FrameworkBundle] fixed guard event names for transitions (destillat)
+ * bug #28045 [HttpFoundation] Fix Cookie::isCleared (ro0NL)
+ * bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (Phobetor)
+ * bug #28052 [HttpKernel] Fix merging bindings for controllers' locators (nicolas-grekas)
+
 * 3.4.13 (2018-07-23)

 * bug #28005 [HttpKernel] Fixed templateExists on parse error of the template name (yceruto)