Add changelog for 3.10.2

infobyte · Jan 30, 2020 · 464bb0c · 464bb0c
1 parent 623efa5
commit 464bb0c
Show file tree

Hide file tree

Showing 9 changed files with 31 additions and 10 deletions.
diff --git a/CHANGELOG/3.10.1/date.md b/CHANGELOG/3.10.1/date.md
@@ -1 +1 @@
-Jan 10th, 2010
+Jan 10th, 2020
diff --git a/CHANGELOG/3.10.2/date.md b/CHANGELOG/3.10.2/date.md
@@ -0,0 +1 @@
+Jan 30th, 2020
diff --git a/CHANGELOG/3.10.2/white.md b/CHANGELOG/3.10.2/white.md
@@ -0,0 +1,7 @@
+ * Fix Cross-Site Request Forgery (CSRF) vulnerability in all JSON API endpoints.
+This was caused because a third-party library doesn't implement proper
+Content-Type header validation. To mitigate the vulnerability, we set the
+session cookie to have the `SameSite: Lax` property.
+ * Fix Faraday Server logs were always in debug
+ * Add update date column when exporting vulnerabilities to CSV
+ * Fix unicode error when exporting vulnerabilities to CSV
diff --git a/CHANGELOG/RELEASE.md b/CHANGELOG/RELEASE.md
@@ -9,7 +9,17 @@ New features in the latest update
 =====================================
 
 
-3.10.1 [Jan 10th, 2010]:
+3.10.2 [Jan 30th, 2020]:
+---
+ * Fix Cross-Site Request Forgery (CSRF) vulnerability in all JSON API endpoints.
+This was caused because a third-party library doesn't implement proper
+Content-Type header validation. To mitigate the vulnerability, we set the
+session cookie to have the `SameSite: Lax` property.
+ * Fix Faraday Server logs were always in debug
+ * Add update date column when exporting vulnerabilities to CSV
+ * Fix unicode error when exporting vulnerabilities to CSV
+
+3.10.1 [Jan 10th, 2020]:
 ---
  * Fix installation with `pip install --no-binary :all: faradaysec`
  * Force usage of webargs 5 (webargs 6 broke backwards compatibility)

diff --git a/CHANGELOG/current/add_update_date_to_export_csv.md b/CHANGELOG/current/add_update_date_to_export_csv.md
diff --git a/CHANGELOG/current/csrf.md b/CHANGELOG/current/csrf.md
diff --git a/CHANGELOG/current/fix_file_logs_always_in_debug.md b/CHANGELOG/current/fix_file_logs_always_in_debug.md
diff --git a/CHANGELOG/current/fix_issue_export_csv.md b/CHANGELOG/current/fix_issue_export_csv.md
diff --git a/RELEASE.md b/RELEASE.md
@@ -9,7 +9,17 @@ New features in the latest update
 =====================================
 
 
-3.10.1 [Jan 10th, 2010]:
+3.10.2 [Jan 30th, 2020]:
+---
+ * Fix Cross-Site Request Forgery (CSRF) vulnerability in all JSON API endpoints.
+This was caused because a third-party library doesn't implement proper
+Content-Type header validation. To mitigate the vulnerability, we set the
+session cookie to have the `SameSite: Lax` property.
+ * Fix Faraday Server logs were always in debug
+ * Add update date column when exporting vulnerabilities to CSV
+ * Fix unicode error when exporting vulnerabilities to CSV
+
+3.10.1 [Jan 10th, 2020]:
 ---
  * Fix installation with `pip install --no-binary :all: faradaysec`
  * Force usage of webargs 5 (webargs 6 broke backwards compatibility)