From 939fb997520194a80b1981a6dfb392c95338fb90 Mon Sep 17 00:00:00 2001
From: Mathijs de Bruin
Date: Fri, 25 Oct 2024 13:29:50 +0100
Subject: [PATCH] Release prep 1.3.1 (#1482)

* Changelog for 1.3.1 and 2.0.dev2.
* Bump version to 2.0.dev2 for hotfix.
---
 CHANGELOG.md | 30 ++++++++++++++++++++++++++++++
 backend/pyproject.toml | 2 +-
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 59e34dd062..eb58059a0d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,21 @@ All notable changes to Chainlit will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## [1.3.1] - 2024-10-25
+
+### Security Advisory
+
+- **IMPORTANT**: This release temporarily reverts the file access security improvements from 1.3.0 to restore element functionality. The element feature currently has a known security vulnerability that could allow unauthorized access to files. We strongly recommend against using elements in production environments until the next release.
+- A comprehensive security fix using HTTP-only cookie authentication will be implemented in an upcoming release.
+
+### Changed
+
+- Reverted authentication requirements for file access endpoints to restore element functionality (#1474)
+
+### Development
+
+- Work in progress on implementing HTTP-only cookie authentication for proper security (#1472)
+
 ## [1.3.0] - 2024-10-22
 
 ### Security
@@ -44,6 +59,21 @@ override oauth prompt parameter. Enabling users to explicitly enable login/conse
 - Improved Python code style and linting (#1353)
 - Resolved various small text and documentation issues (#1347, #1348)
 
+## [2.0.dev2] - 2024-10-25
+
+### Security Advisory
+
+- **IMPORTANT**: This release temporarily reverts the file access security improvements from 2.0.dev1 to restore element functionality. The element feature currently has a known security vulnerability that could allow unauthorized access to files. We strongly recommend against using elements in production environments until the next release.
+- A comprehensive security fix using HTTP-only cookie authentication will be implemented in an upcoming release.
+
+### Changed
+
+- Reverted authentication requirements for file access endpoints to restore element functionality (#1474)
+
+### Development
+
+- Work in progress on implementing HTTP-only cookie authentication for proper security (#1472)
+
 ## [2.0.dev1] - 2024-10-22
 
 ### Added
diff --git a/backend/pyproject.toml b/backend/pyproject.toml
index 9f6b866f41..e8f06c13b9 100644
--- a/backend/pyproject.toml
+++ b/backend/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "chainlit"
-version = "2.0.dev1"
+version = "2.0.dev2"
 keywords = [
 'LLM',
 'Agents',