From 71f7b03801ad37a0b8599eaf7e81bd9e93d906a7 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Tue, 10 Jan 2012 20:30:15 +0000
Subject: [PATCH] update CHANGELOG.TXT with latest commits/fixes

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@1325 a1433add-5e2c-0410-b055-b7f2511e0802
---
 CHANGELOG.TXT | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT
index d1430b24..c66a867d 100644
--- a/CHANGELOG.TXT
+++ b/CHANGELOG.TXT
@@ -13,6 +13,14 @@ SVN changes since 2.3.4 release (postfixadmin-2.3 branch)
 ----------------------------------------------------------------
+ - fix SQL injection in pacrypt() (if $CONF[encrypt] == 'mysql_encrypt')
+ - fix SQL injection in backup.php - the dump was not mysql_escape()d,
+ therefore users could inject SQL (for example in the vacation message)
+ which will be executed when restoring the database dump.
+ WARNING: database dumps created with backup.php from 2.3.4 or older might
+ contain malicious SQL. Double-check before using them!
+ - fix XSS with $_GET[domain] in templates/menu.php and edit-vacation
+ - fix XSS in some create-domain input fields
 - create-domain: fix SQL injection (only exploitable by superadmins)
 - add missing $LANG['pAdminDelete_admin_error']
 - don't mark mailbox targets with recipient delimiter as "forward only"