diff options
| author | David Lord <davidism@gmail.com> | 2023-05-01 07:07:43 -0700 |
|---|---|---|
| committer | David Lord <davidism@gmail.com> | 2023-05-01 07:07:43 -0700 |
| commit | 9004c05320763e902927af9d98c1e4a1c651e776 (patch) | |
| tree | 711b08cf88525f119bab14fc03954ee7bda4d072 /CHANGES.rst | |
| parent | 942dab369fece304df9e8966fb4b33adc9fa6cf9 (diff) | |
| download | werkzeug-9004c05320763e902927af9d98c1e4a1c651e776.tar.gz | |
cookie path=/ default
Diffstat (limited to 'CHANGES.rst')
| -rw-r--r-- | CHANGES.rst | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/CHANGES.rst b/CHANGES.rst index 9b83a5d8..075ca2bc 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -5,6 +5,9 @@ Version 2.3.3 Unreleased +- The cookie ``Path`` attribute is set to ``/`` by default again, to prevent clients + from falling back to RFC 6265's ``default-path`` behavior. :issue:`2672, 2679` + Version 2.3.2 ------------- @@ -14,8 +17,6 @@ Released 2023-04-28 - Parse the cookie ``Expires`` attribute correctly in the test client. :issue:`2669` - ``max_content_length`` can only be enforced on streaming requests if the server sets ``wsgi.input_terminated``. :issue:`2668` -- The cookie ``Path`` attribute is set to ``/`` by default again, to prevent clients - from falling back to RFC 6265's ``default-path`` behavior. :issue:`2672` Version 2.3.1 |