Merge pull request #34 from roidelapluie/release-five-dot-one

Julien Pivotto · web-flow · commit 79db9b30e3b7 · 2021-01-18T17:27:53.000+01:00
Release v0.5.1
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.5.1 / 2021-01-15
+
+This release includes a bugfix for a side-channel security issue that would
+allow an attacker to verify if a user is defined in the configuration by timing
+request. #39
+
+* [ENHANCEMENT] Cache basic authentication results to significantly improve
+  performance. #32
+* [BUGFIX] Prevent user enumeration by timing requests. #39
+
 ## 0.5.0 / 2021-01-13
 
 * [CHANGE] rename `https` package to `web`. #29
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.5.0
+0.5.1
