[TASK] Mention new default for cookieHttpOnly in NEWS.txt 40/25140/2
author Steffen Müller <typo3@t3node.com>
Sun, 3 Nov 2013 13:41:36 +0000 (14:41 +0100)
committer Steffen Müller <typo3@t3node.com>
Sun, 3 Nov 2013 13:44:02 +0000 (14:44 +0100)
Resolves: #53291
Releases: 6.2
Change-Id: Ie941ada0519c8ac22153b07bb2b1a297333332df
Reviewed-on: https://review.typo3.org/25140
Reviewed-by: Steffen Müller
Tested-by: Steffen Müller
NEWS.txt

index 4c7faeb..32bbb3d 100644 (file)
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -36,6 +36,12 @@ General
 
 It is now possible to create high density sprites.
 
+* New default value for cookieHttpOnly setting
+
+The session cookies "fe_typo_user" and "be_typo_user" now have set the
+HttpOnly attribute by default. This will make it harder to steal the cookie by
+XSS attacks.
+
 -------------------------------------------------------------------------------
 Logging
 -------------------------------------------------------------------------------
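
Review bot: The added entry under "* New default value for cookieHttpOnly setting" names the setting only in its heading and gives neither the previous default nor how to switch it back, so an integrator whose JavaScript reads "fe_typo_user" or "be_typo_user" gets no upgrade hint from NEWS.txt. Suggest one extra sentence stating the full configuration path of cookieHttpOnly and the old value. The phrase "now have set the HttpOnly attribute" would read better as "now have the HttpOnly attribute set by default", and the last sentence could be more precise: HttpOnly keeps scripts from reading the cookie, it does not stop an XSS payload from issuing requests in the user's session.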