From aaa0887eca2c030ba56376888934ee1e29b26932 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew-github@dracos.co.uk>
Date: Thu, 6 Sep 2018 17:42:54 +0100
Subject: Update user object before attempting sign-in.

This prevents leaking of user account phone
number on a failed login attempt.
---
 CHANGELOG.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b1b052008..f9b0f9149 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,9 @@
 ## Releases
 
-* Unreleased
+* v2.3.5 (6th September 2018)
+    - Security:
+        - Update user object before attempting sign-in,
+          to prevent leak of user account phone number.
 
 * v2.3.4 (7th June 2018)
     - Bugfixes:
-- 
cgit v1.2.3