From 1a951fa8d474fc9e6114cf63b8ba012233c9afcd Mon Sep 17 00:00:00 2001
From: Luke Plant <L.Plant.98@cantab.net>
Date: Tue, 31 May 2011 21:29:35 +0000
Subject: [PATCH] Added info to release notes about CSRF improvements

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16306 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 docs/releases/1.4.txt | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/releases/1.4.txt b/docs/releases/1.4.txt
index 8742103a36..7fdf0d7e1c 100644
--- a/docs/releases/1.4.txt
+++ b/docs/releases/1.4.txt
@@ -78,6 +78,16 @@ A new helper function,
 ``template.Library`` to ease the creation of template tags that store some
 data in a specified context variable.
 
+CSRF improvements
+~~~~~~~~~~~~~~~~~
+
+We've made various improvements to our CSRF features, including the
+:func:`~django.views.decorators.csrf.ensure_csrf_cookie` decorator which can
+help with AJAX heavy sites, protection for PUT and DELETE, and settings
+:setting:`CSRF_COOKIE_SECURE` and :setting:`CSRF_COOKIE_PATH` which can improve
+the security and usefulness of the CSRF protection. See the :doc:`CSRF docs
+</ref/contrib/csrf>` for more information.
+
 .. _backwards-incompatible-changes-1.4:
 
 Backwards incompatible changes in 1.4