diff options
Diffstat (limited to 'doc/CHANGES.md')
| -rw-r--r-- | doc/CHANGES.md | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/CHANGES.md b/doc/CHANGES.md index 9f1127e34..debf9d7c7 100644 --- a/doc/CHANGES.md +++ b/doc/CHANGES.md @@ -9,11 +9,13 @@ * Improvements to the accessibility of the search boxes (Nathan Jenkins) * Only one email sent when asking for admin attention to a request [issue #789](https://github.com/mysociety/alaveteli/pull/864) (Matthew Landauer) * A number of XSS escaping fixes for Version 0.7 (Matthew Landauer) +* The emergency admin account can now be disabled ## Upgrade notes * Check out this version and run `rails-post-deploy` as usual. * Remove adminbootstrap from the THEME_URLS or THEME_URL config variable, and remove vendor/plugins/adminbootstraptheme, and the softlink public/adminbootstraptheme. * There is a new config variable FORCE_SSL, which defaults to true, meaning that Alaveteli will redirect all "http" requests to "https", set the Strict-Transport-Security header and flag all cookies as "secure". For more information about running your install over SSL/TLS, see the [install guide](https://github.com/mysociety/alaveteli/blob/develop/doc/INSTALL.md#set-up-production-web-server). If you don't want to run over SSL/TLS, add the config variable FORCE_SSL to your config/general.yml and set it to false. +* If you would like to disable the emergency user account, set DISABLE_EMERGENCY_USER to true in you config/general.yml # Version 0.7 ## Highlighted features |