From c2f399df663e2fffd5bdb0aeede9e23c056af435 Mon Sep 17 00:00:00 2001 From: Bryan Newbold Date: Tue, 9 Apr 2019 22:20:33 -0700 Subject: add CHANGELOG entry about api_key issue --- CHANGELOG.md | 9 +++++++++ python_client/codegen_python_client.sh | 1 + 2 files changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 130004d4..2cf4556e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,15 @@ See also: ## [Unreleased] +### Fixed + +- fixed major authn/authz bug with fatcat python client which leaked API tokens + between API client handles. Almost all tests/webfact/etc were potentially + running with the privileged (superuser) webface-bot privileges. Yikes! +- API `get_editgroup_annotations` endpoint was requiring auth; this was a typo. + Going to call this a very minor/backwards-compatible API change and not do a + minor version bump for it. + ## [0.2.1] - 2019-04-09 No API or SQL schema changes in this release. Macaroon generation and diff --git a/python_client/codegen_python_client.sh b/python_client/codegen_python_client.sh index 35126ad3..928c9e6b 100755 --- a/python_client/codegen_python_client.sh +++ b/python_client/codegen_python_client.sh @@ -48,6 +48,7 @@ END_PATCH # I don't know what they were thinking with this TypeWithDefault stuff, but it # caused really gnarly config cross-contamination issues when running mulitple # clients in parallel. +# See also: https://github.com/swagger-api/swagger-codegen/issues/9117 patch -p0 << END_PATCH --- fatcat_client/configuration.py +++ fatcat_client/configuration.py -- cgit v1.2.3
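Review bot: in the new "Fixed" section of CHANGELOG.md, the first bullet spells the affected component two ways ("tests/webfact/etc" and "webface-bot"); pick the intended name and use it in both places. Because the entry describes leaked API tokens and tests potentially running with superuser privileges, it would also help to name the affected client releases and point at the patch in python_client/codegen_python_client.sh, so readers can tell whether they need to regenerate their client.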
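Review bot: in the codegen_python_client.sh hunk, the added "See also" line links the upstream issue, but the comment above it still describes the problem only as "config cross-contamination" when running clients in parallel, while the CHANGELOG entry in this same commit calls it an authn/authz bug that leaked API tokens between client handles. State that security impact in the comment so the patch to fatcat_client/configuration.py is not dropped on a future regeneration, and fix the "mulitple" typo in the context line while there. The diffstat lists only these two files, so no regression test accompanies the fix; consider one that creates two client handles with different api_key values and asserts that neither sees the other's token.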