Update CHANGELOG.md

erasmus-without-paper · Jan 23, 2018 · 51c2d92 · 51c2d92
1 parent 7e7e694
commit 51c2d92
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,18 @@ This document describes all the changes made to the *Authenticating Clients
 with HTTP Signature* document, starting from its first released version.
 
 
+1.0.1
+-----
+
+* Added a notice for the server implementers to *ignore* unsigned request
+  headers. (This hasn't been previously stressed enough, and it could lead to
+  security vulnerabilities.)
+
+* Added a notice for client implementers to take care not to allow their
+  frameworks and proxies modify the request after it has been signed (as this
+  could break the signature).
+
+
 1.0.0
 -----