From 7bd14cbfb396bdb1e892ef0b9d51619c78ae368f Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@plope.com>
Date: Wed, 10 Nov 2010 15:24:09 -0500
Subject: - The pylons_* paster template used the same string  
 (``your_app_secret_string``) for the ``session.secret`` setting in the  
 generated ``development.ini``.  This was a security risk if left unchanged  
 in a project that used one of the templates to produce production  
 applications.  It now uses a randomly generated string.

---
 CHANGES.txt | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'CHANGES.txt')

diff --git a/CHANGES.txt b/CHANGES.txt
index 307a34f58..4354f5c7c 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -15,6 +15,12 @@ Bug Fixes
   syntax as the pattern supplied to ``add_route``.  This style of routing is
   not supported.  They were replaced with ``:colon`` style route patterns.
 
+- The pylons_* paster template used the same string
+  (``your_app_secret_string``) for the ``session.secret`` setting in the
+  generated ``development.ini``.  This was a security risk if left unchanged
+  in a project that used one of the templates to produce production
+  applications.  It now uses a randomly generated string.
+
 Documentation
 -------------
 
-- 
cgit v1.2.3