Release prep 1.3.1 (#1482)

* Changelog for 1.3.1 and 2.0.dev2. * Bump version to 2.0.dev2 for hotfix.
Chainlit · Oct 25, 2024 · 939fb99 · 939fb99
1 parent bb8288f
commit 939fb99
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,21 @@ All notable changes to Chainlit will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## [1.3.1] - 2024-10-25
+
+### Security Advisory
+
+- **IMPORTANT**: This release temporarily reverts the file access security improvements from 1.3.0 to restore element functionality. The element feature currently has a known security vulnerability that could allow unauthorized access to files. We strongly recommend against using elements in production environments until the next release.
+- A comprehensive security fix using HTTP-only cookie authentication will be implemented in an upcoming release.
+
+### Changed
+
+- Reverted authentication requirements for file access endpoints to restore element functionality (#1474)
+
+### Development
+
+- Work in progress on implementing HTTP-only cookie authentication for proper security (#1472)
+
 ## [1.3.0] - 2024-10-22
 
 ### Security
@@ -44,6 +59,21 @@ override oauth prompt parameter. Enabling users to explicitly enable login/conse
 - Improved Python code style and linting (#1353)
 - Resolved various small text and documentation issues (#1347, #1348)
 
+## [2.0.dev2] - 2024-10-25
+
+### Security Advisory
+
+- **IMPORTANT**: This release temporarily reverts the file access security improvements from 2.0.dev1 to restore element functionality. The element feature currently has a known security vulnerability that could allow unauthorized access to files. We strongly recommend against using elements in production environments until the next release.
+- A comprehensive security fix using HTTP-only cookie authentication will be implemented in an upcoming release.
+
+### Changed
+
+- Reverted authentication requirements for file access endpoints to restore element functionality (#1474)
+
+### Development
+
+- Work in progress on implementing HTTP-only cookie authentication for proper security (#1472)
+
 ## [2.0.dev1] - 2024-10-22
 
 ### Added

diff --git a/backend/pyproject.toml b/backend/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "chainlit"
-version = "2.0.dev1"
+version = "2.0.dev2"
 keywords = [
     'LLM',
     'Agents',