author Bryan Newbold <bnewbold@robocracy.org> 2019-04-09 22:20:33 -0700
committer Bryan Newbold <bnewbold@robocracy.org> 2019-04-09 22:20:33 -0700
commit c2f399df663e2fffd5bdb0aeede9e23c056af435
tree bb33db5ba848235691c28beb9ee7d32f45360b3b /CHANGELOG.md
parent a9caaafadb6f4018ca370ebc9132294e80439df9
add CHANGELOG entry about api_key issue
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- CHANGELOG.md 9
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 130004d4..2cf4556e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,15 @@ See also:
## [Unreleased]
+### Fixed
+
+- fixed major authn/authz bug with fatcat python client which leaked API tokens
+ between API client handles. Almost all tests/webfact/etc were potentially
+ running with the privileged (superuser) webface-bot privileges. Yikes!
+- API `get_editgroup_annotations` endpoint was requiring auth; this was a typo.
+ Going to call this a very minor/backwards-compatible API change and not do a
+ minor version bump for it.
+
## [0.2.1] - 2019-04-09
No API or SQL schema changes in this release. Macaroon generation and
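Review bot: The first added bullet records a token leak between API client handles under `### Fixed`, but it does not say which client releases were affected or which commit carries the fix, so a reader cannot tell whether the 0.2.1 release listed just below includes the bug. Since the entry states that tests and other callers were potentially running with superuser bot privileges, consider moving it under a `### Security` heading, naming the affected versions and the fixing commit, and stating whether edits made during that window need review. Also, "webfact" on the second line of that bullet does not match "webface-bot" on the next line and looks like a typo. In the second bullet, "this was a typo" would be clearer if it said that `get_editgroup_annotations` no longer requires auth, since that is the behaviour change clients will see.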