updated CHANGELOG for 4.1.3

2018-08-01 17:30:22 +02:00 · 2018-08-01 17:30:22 +02:00 · 4c5cb3fc62
parent 96504fb8c9
commit 4c5cb3fc62
1 changed files with 12 additions and 0 deletions
--- a/CHANGELOG-4.1.md
+++ b/CHANGELOG-4.1.md
@ -7,6 +7,18 @@ in 4.1 minor versions.
 To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
 To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v4.1.0...v4.1.1

+* 4.1.3 (2018-08-01)
+
+ * security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas)
+ * security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas)
+ * bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet (netiul)
+ * bug #28007 [FrameworkBundle] fixed guard event names for transitions (destillat)
+ * bug #28045 [HttpFoundation] Fix Cookie::isCleared (ro0NL)
+ * bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (Phobetor)
+ * bug #28059 [Messenger] Fix error message on undefined message class for non-subscriber handler (chalasr)
+ * bug #28052 [HttpKernel] Fix merging bindings for controllers' locators (nicolas-grekas)
+ * bug #28014 [Messenger] Fix chaining senders with their aliases (sroze)
+
 * 4.1.2 (2018-07-23)

 * bug #28005 [HttpKernel] Fixed templateExists on parse error of the template name (yceruto)