Give credit to Joost Pol for reporting the security issue.

author Ben Darnell <ben@bendarnell.com>

Tue, 6 May 2014 02:44:01 +0000 (22:44 -0400)

committer Ben Darnell <ben@bendarnell.com>

Tue, 6 May 2014 02:44:01 +0000 (22:44 -0400)
author Ben Darnell <ben@bendarnell.com>
Tue, 6 May 2014 02:44:01 +0000 (22:44 -0400)
committer Ben Darnell <ben@bendarnell.com>
Tue, 6 May 2014 02:44:01 +0000 (22:44 -0400)
diff --git a/docs/releases/v3.2.1.rst b/docs/releases/v3.2.1.rst

index b63641102e88a4229fa76a1dec5ae11832925a25..f085b09ca576be1ad31f89762486e918eee51f03 100644 (file)
--- a/docs/releases/v3.2.1.rst
+++ b/docs/releases/v3.2.1.rst
@@ -19,6 +19,8 @@ Security fixes
    by default until they expire.  Applications that may be vulnerable
    can reject all cookies in the older format by passing ``min_version=2``
    to `.RequestHandler.get_secure_cookie`.
+* Thanks to Joost Pol of `Certified Secure <https://www.certifiedsecure.com>`_
+  for reporting this issue.
  
  Backwards-compatibility notes
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
author	Ben Darnell <ben@bendarnell.com>
	Tue, 6 May 2014 02:44:01 +0000 (22:44 -0400)
committer	Ben Darnell <ben@bendarnell.com>
	Tue, 6 May 2014 02:44:01 +0000 (22:44 -0400)