Update Readme and changelog

pitbulk · pitbulk · commit 55fd62543161 · 2015-06-30T21:50:03.000+02:00
diff --git a/README.md b/README.md
@@ -1,8 +1,10 @@
 # Ruby SAML [![Build Status](https://secure.travis-ci.org/onelogin/ruby-saml.png)](http://travis-ci.org/onelogin/ruby-saml)
 
+
 ## Updating from 0.9.x to 1.0.X
 
-Version `1.0` adds adds many security features like saml message validations, decrypt support and other improvements. It is a recommended update for all Ruby SAML users. For more details, please review [the changelog](changelog.md)
+Version `1.0` is a recommended update for all Ruby SAML users since include security fixes.
+Adds security improvements like entity expansion limitation, more saml message validations and other important improvements like decrypt support. For more details, please review [the changelog](changelog.md). Also notice that in this version the get_idp_metadata method raise an exception when not able to fetch the idp metadata, so review your integration if you are using this functionality.
 
 ## Updating from 0.8.x to 0.9.x
 Version `0.9` adds many new features and improvements.
diff --git a/changelog.md b/changelog.md
@@ -1,9 +1,11 @@
 # RubySaml Changelog
 
 ### 1.0.0 (June 29, 2015)
+* [#247](https://github.com/onelogin/ruby-saml/pull/247) Avoid entity expansion (XEE attacks)
+* [#246](https://github.com/onelogin/ruby-saml/pull/246) Fix bug generating Logout Response (issuer was at wrong order)
 * [#243](https://github.com/onelogin/ruby-saml/issues/243) and [#244](https://github.com/onelogin/ruby-saml/issues/244) Fix metadata builder errors. Fix metadata xsd.
 * [#241](https://github.com/onelogin/ruby-saml/pull/241) Add decrypt support (EncryptID and EncryptedAssertion). Improve compatibility with namespaces. 
-* [#240](https://github.com/onelogin/ruby-saml/pull/240) [#238](https://github.com/onelogin/ruby-saml/pull/238) Improve test coverage and refactor.
+* [#240](https://github.com/onelogin/ruby-saml/pull/240) and [#238](https://github.com/onelogin/ruby-saml/pull/238) Improve test coverage and refactor.
 * [#239](https://github.com/onelogin/ruby-saml/pull/239) Improve security: Add more validations to SAMLResponse, LogoutRequest and LogoutResponse. Refactor code and improve tests coverage.
 * [#237](https://github.com/onelogin/ruby-saml/pull/237) Don't pretty print metadata by default.
 * [#235](https://github.com/onelogin/ruby-saml/pull/235) Remove the soft parameter from validation methods. Now can be configured on the settings and each class read it and store as an attribute of the class. Adding some validations and refactor old ones.
@@ -12,6 +14,7 @@
 * [#226](https://github.com/onelogin/ruby-saml/pull/226) Ensure IdP certificate is formatted properly
 * [#225](https://github.com/onelogin/ruby-saml/pull/225) Add documentation to several methods. Fix xpath injection on xml_security.rb
 * [#223](https://github.com/onelogin/ruby-saml/pull/223) Allow logging to be delegated to an arbitrary Logger
+* [#222](https://github.com/onelogin/ruby-saml/pull/222) No more silent failure fetching idp metadata (OneLogin::RubySaml::HttpError raised).
 
 ### 0.9.2 (Apr 28, 2015)
 * [#216](https://github.com/onelogin/ruby-saml/pull/216) Add fingerprint algorithm support
