news/2008/1102-1.0.1-released.xhtml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   3   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   4 <html
   5   xmlns="http://www.w3.org/1999/xhtml"
   6   xmlns:xi="http://www.w3.org/2001/XInclude"
   7   xmlns:xc="urn:xhtml-compiler"
   8   xml:lang="en">
   9 <head>
  10   <title>csrf-magic 1.0.1 released - News</title>
  11   <xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
  12   <meta name="description" content="Release notice for csrf-magic 1.0.1." />
  13   <meta name="keywords" content="library, security, open source, csrf, cross-site request forgery, protection, 1.0.1, release" />
  14 </head>
  15 <body>
  16
  17 <h1 id="title">csrf-magic 1.0.1 released</h1>
  18
  19 <div id="body">
  20 <div id="content">
  21
  22 <div id="short-content">
  23 <p>
  24   <a href="releases/csrf-magic-1.0.1.tar.gz" xc:absolute="href">csrf-magic 1.0.1</a> is a maintenance release, with a few new features
  25   that overall improve the usability and security of the library, as
  26   well as a bugfix for JQuery users.
  27 </p>
  28 <p>
  29   We also have an <abbr>RSS</abbr> feed now, for users who would like
  30   to keep updated with csrf-magic!
  31 </p>
  32 </div>
  33
  34 <h2>New features</h2>
  35
  36 <ul>
  37     <li> Support for composite tokens; this also fixes a bug with using
  38       IP-based tokens for users with cookies disabled.</li>
  39
  40     <li> Native support cookie tokens; use csrf_conf('cookie', $name) to
  41       specify the name of a cookie that the CSRF token should be
  42       placed in.  This is useful if you have a Squid cache, and need
  43       to configure it to ignore this token.</li>
  44
  45     <li> Tips/tricks section in README.txt.</li>
  46
  47     <li> There is now a two hour expiration time on all tokens.  This
  48       can be modified using csrf_conf('expires', $seconds).</li>
  49
  50     <li> ClickJacking protection using an iframe breaker.  Disable with
  51       csrf_conf('frame-breaker', false).</li>
  52 </ul>
  53
  54 <h2>Bug fixes</h2>
  55
  56 <ul>
  57     <li> CsrfMagic.send() incorrectly submitted GET requests twice,
  58       once without the magic token and once with the token.  Reported
  59       by Kelly Lu <code>&lt;lubird@gmail.com&gt;</code>.</li>
  60 </ul>
  61
  62
  63 </div>
  64 </div>
  65
  66 <xi:include href="common-footer.xml" xpointer="xpointer(/*)" />
  67
  68 </body>
  69 </html>