From 01ace8d29cbd39fa17cdea24d35a12af22fa1829 Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Fri, 8 Feb 2008 23:04:46 +0000 Subject: [PATCH] document referers change --- CHANGELOG | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 2da6efe36..879ca7245 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -84,3 +84,5 @@ Lock files are automatically removed when the process creating them exits. NetBSD 4.0 support. Italian and Catalan translations contributed for many modules, thanks to Giovanni and Jaume Badiella. Changed the error message that appears when Webmin detects a link from another web page, and removed the button to allow the link (which was unreliable anyway). +---- Changes since 1.390 ---- +Links from unknown referers are now blocked by default, to prevent XSS attacks. This may break browsers that don't supply a Referer: HTTP header.