From 42c1ad3c780aa74a289ec308cf01fd1ab8e91926 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@plataformatec.com.br>
Date: Tue, 26 May 2015 15:10:29 +0200
Subject: [PATCH] Release v3.5.1

---
 CHANGELOG.md          | 8 +++++++-
 Gemfile.lock          | 2 +-
 lib/devise/version.rb | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 654ed003..a9f886fa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,10 @@
-### 3.5.0 - 2015-05-23
+### 3.5.1 - 2015-05-24
+
+Note: 3.5.0 has been yanked due to a regression
+
+* security improvements
+  * Clean up reset password token whenever e-mail or password changes. thanks to George Deglin & Dennis Charles Hackethal for reporting this bug
+  * Ensure empty `authenticable_salt` cannot be used as remember token. This bug can only affect users who manually implement their own `authenticable_salt` and allow empty values as salt
 
 * enhancements
   * The hint about minimum password length required both `@validatable` and `@minimum_password_length` variables on the views, it now uses only the latter. If you have generated the views relying on the `@validatable` variable, replace it with `@minimum_password_length`.
diff --git a/Gemfile.lock b/Gemfile.lock
index 67de02bb..148bd1d3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    devise (3.5.0)
+    devise (3.5.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
diff --git a/lib/devise/version.rb b/lib/devise/version.rb
index d9d2e25c..8a0be0d0 100644
--- a/lib/devise/version.rb
+++ b/lib/devise/version.rb
@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "3.5.0".freeze
+  VERSION = "3.5.1".freeze
 end