From 07c9ee0ec96eb664974fe314a46389ed59390520 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Fri, 2 Nov 2012 21:05:46 -0400 Subject: - Do not allow the userid returned from the ``authenticated_userid`` or the userid that is one of the list of principals returned by ``effective_principals`` to be either of the strings ``system.Everyone`` or ``system.Authenticated`` when any of the built-in authorization policies that live in ``pyramid.authentication`` are in use. These two strings are reserved for internal usage by Pyramid and they will not be accepted as valid userids. --- CHANGES.txt | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 740de0f17..291795da3 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -6,6 +6,14 @@ Features - Added an ``effective_principals`` route and view predicate. +- Do not allow the userid returned from the ``authenticated_userid`` or the + userid that is one of the list of principals returned by + ``effective_principals`` to be either of the strings ``system.Everyone`` or + ``system.Authenticated`` when any of the built-in authorization policies that + live in ``pyramid.authentication`` are in use. These two strings are + reserved for internal usage by Pyramid and they will not be accepted as valid + userids. + 1.4a3 (2012-10-26) ================== -- cgit v1.2.3
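Review bot: In the added CHANGES.txt entry, the phrase "built-in authorization policies that live in ``pyramid.authentication``" looks like a slip, because the module named is the authentication one; suggest "built-in authentication policies". The entry says the two reserved strings "will not be accepted as valid userids" but does not say what a caller then observes (for example, whether ``authenticated_userid`` returns ``None`` and whether the value is dropped from ``effective_principals``), which is the detail an upgrader needs. It is also filed under Features although it changes results for any deployment that already has a userid equal to ``system.Everyone`` or ``system.Authenticated``, so a backwards-incompatibility note would be a better fit. This commit touches only CHANGES.txt, so the enforcing code and its tests cannot be checked from here.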