From 57ee91a9f0e3769a725280c3db351fb466bd7431 Mon Sep 17 00:00:00 2001
From: Michael Merickel <michael@merickel.org>
Date: Mon, 11 Jun 2018 00:56:53 -0500
Subject: add changelog for #3300

---
 CHANGES.rst | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

(limited to 'CHANGES.rst')

diff --git a/CHANGES.rst b/CHANGES.rst
index 334a9b62f..7c442aa1a 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -21,8 +21,8 @@ Features
   instead of ``pyramid.util.Request``.
   See https://github.com/Pylons/pyramid/pull/3129
 
-- In ``cherrypy_server_runner``, prefer imports from the ``cheroot`` package over the legacy
-  imports from `cherrypy.wsgiserver`.
+- In ``cherrypy_server_runner``, prefer imports from the ``cheroot`` package
+  over the legacy imports from `cherrypy.wsgiserver`.
   See https://github.com/Pylons/pyramid/pull/3235
 
 - Add a context manager ``route_prefix_context`` to the
@@ -30,6 +30,13 @@ Features
   route_prefix for ``include`` and ``add_route`` calls inside the context.
   See https://github.com/Pylons/pyramid/pull/3279
 
+- Modify the builtin session implementations to support SameSite options on
+  cookies and set the default to ``'Lax'``. This affects
+  ``pyramid.session.BaseCookieSessionFactory``,
+  ``pyramid.session.SignedCookieSessionFactory``, and
+  ``pyramid.session.UnencryptedCookieSessionFactoryConfig``.
+  See https://github.com/Pylons/pyramid/pull/3300
+
 Bug Fixes
 ---------
 
@@ -54,6 +61,12 @@ Backward Incompatibilities
   depending on it directly within your project.
   See https://github.com/Pylons/pyramid/pull/3140
 
+- Modify the builtin session implementations to set ``SameSite='Lax'`` on
+  cookies. This affects ``pyramid.session.BaseCookieSessionFactory``,
+  ``pyramid.session.SignedCookieSessionFactory``, and
+  ``pyramid.session.UnencryptedCookieSessionFactoryConfig``.
+  See https://github.com/Pylons/pyramid/pull/3300
+
 Documentation Changes
 ---------------------
 
-- 
cgit v1.2.3