From 42d6c1f7aaa242fc38e9b3a9c93746f18b641d90 Mon Sep 17 00:00:00 2001 From: Sixto Martin Date: Tue, 13 Jan 2015 13:56:33 +0100 Subject: [PATCH] Release version 2.3.0 --- CHANGELOG | 13 +++++++++++++ README.md | 8 ++++++++ 2 files changed, 21 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 97e0ff30..d152e212 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,19 @@ CHANGELOG ========= +v.2.3.0 +------- +* Resolve namespace problem. Some IdPs uses saml2p:Response and saml2:Assertion instead of samlp:Response saml:Assertion. +* Improve test and documentation. +* Improve ADFS compatibility. +* Remove unnecessary XSDs files. +* Make available the reason for the saml message invalidation. +* Adding ability to set idp cert once the Setting object initialized. +* Fix status info issue. +* Reject SAML Response if not signed and strict = false. +* Support NameId and SessionIndex in LogoutRequest. +* Add ForceAuh and IsPassive support. + v.2.2.0 ------- * Fix bug with Encrypted nameID on LogoutRequest diff --git a/README.md b/README.md index ed9ba30f..c47a6740 100644 --- a/README.md +++ b/README.md @@ -134,6 +134,14 @@ namespaces, remember that calls to the class must be done by adding a \ to the start, for example to use the static method getSelfURLNoQuery use: \OneLogin_Saml2_Utils::getSelfURLNoQuery() + +Security warning +---------------- + +In production, the **strict** parameter MUST be set as **"true"**. Otherwise +your environment is not secure and will be exposed to attacks. + + Getting started ---------------
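Review bot: In the CHANGELOG hunk, the entry "Reject SAML Response if not signed and strict = false." is ambiguous on the one item in this list that concerns signature validation. It can be read as "unsigned responses are rejected only when strict is off", which leaves the behaviour under strict = true unstated. Suggest naming the case that changed (for example "even when strict = false", if that is the intent) and marking the entry as a security fix so that integrators scanning the release notes see it. Two smaller points in the same list: "Add ForceAuh and IsPassive support." looks like a typo for ForceAuthn, and "Some IdPs uses" should read "Some IdPs use".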
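Review bot: The new "Security warning" section in the README.md hunk says that strict MUST be set as "true" but does not say where the parameter is set or what it controls, so a reader who arrives at this section first cannot act on it. Suggest pointing to the place in the settings where strict is defined, stating whether a boolean or a string is expected (the quoted "true" reads as a string), and replacing "will be exposed to attacks" with a short statement of which validations are skipped when strict is off. The warning is also not listed in the v.2.3.0 CHANGELOG entries added by this same patch; a line there would help existing deployments notice it on upgrade.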