X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=ChangeLog;h=5d1df9fdb3a9e7ccaff60fa3442851220adf8888;hb=8e0c7f9ca000395f481ae25b22f9b498f12d554e;hp=78b86d5e64dfcf25d19a2641207286a1c5e15c71;hpb=3fb5b49e4b9b2e99b1a12205f54ab0e22e77eade;p=privoxy.git

diff --git a/ChangeLog b/ChangeLog
index 78b86d5e..5d1df9fd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,11 @@ ChangeLog for Privoxy
     values above FD_SETSIZE are properly rejected. Previously they
     could cause memory corruption in configurations that allowed
     the limit to be reached.
+  - Proxy authentication headers are removed unless the new directive
+    enable-proxy-authentication-forwarding is used. Forwarding the
+    headers potentionally allows malicious sites to trick the user
+    into providing it with login information.
+    Reported by Chris John Riley.
   - Compiles on OS/2 again now that unistd.h is only included
     on platforms that have it.