From e5daae771ffdd780aa2285276232c41e8587eba1 Mon Sep 17 00:00:00 2001
From: dialogik <dialogik@users.noreply.github.com>
Date: Wed, 7 Oct 2015 10:53:38 +0200
Subject: [PATCH] Add trusted.url.domains default value change to upgrade notes

---
 docs/simplesamlphp-upgrade-notes-1.14.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/simplesamlphp-upgrade-notes-1.14.txt b/docs/simplesamlphp-upgrade-notes-1.14.txt
index 4f49395d4..6278a7e2e 100644
--- a/docs/simplesamlphp-upgrade-notes-1.14.txt
+++ b/docs/simplesamlphp-upgrade-notes-1.14.txt
@@ -179,3 +179,5 @@ The following modules will no longer be shipped with the next version of SimpleS
     * `openidProvider`
     * `saml2debug`
     * `themefeidernd`
+
+The default value for trusted.url.domains in the config template has been changed from NULL to an empty array(), this sets a higher grade of default security. Resetting to NULL will re-allow untrusted routing.
-- 
GitLab