Changelog
---------

3.0a2 - 2009-11-13
~~~~~~~~~~~~~~~~~~

- Remove hash management UI which had been accidentally re-merged.
  [davisagli]

3.0a1 - 2009-04-04
~~~~~~~~~~~~~~~~~~

- Avoid deprecation warning for the sha module in Python 2.6.
  [hannosch]

- Declare test dependencies in an extra.
  [hannosch]

- Specify package dependencies.
  [hannosch]

- Fixed the remaining tests to work with the new keyring backend.
  [hannosch]

- Fixed a component lookup call in the HashSession source.
  [davisagli, hannosch]

- Update default (hash) session source to use plone.keyring to manage
  the secrets.
  [wichert]


2.1  - February 4, 2009
~~~~~~~~~~~~~~~~~~~~~~~

- Protect the setupSession call with the ManageUsers permission.
  Fixes possible privilege escalation.
  [maurits]

- Make the cookie lifetime configurable. Patch by Rok Garbas. Fixes
  http://dev.plone.org/plone/ticket/7248
  [wichert, garbas]


2.0  - July 8, 2008
~~~~~~~~~~~~~~~~~~~

- Fix CSRF protection for managing server secrets via the Plone session
  plugin for PAS. Fixes http://dev.plone.org/plone/ticket/8176
  [witsch]


1.2  - February 15, 2007
~~~~~~~~~~~~~~~~~~~~~~~~

- Use the binascii base64 methods to encode/decode the session cookie. This
  prevents newlines being inserted in long cookies.
  [wichert]


1.1  - September 11, 2007
~~~~~~~~~~~~~~~~~~~~~~~~~

- Use the userid instead of the login name in session identifiers. This
  has the side-effect of working around a bug in PAS which caused us to
  mix up users when the login name used was an inexact match for another
  login name.
  [wichert]


1.0  - August 15, 2007
~~~~~~~~~~~~~~~~~~~~~~

- First stable release
  [wichert]

