From c86db2613629192b1055b8205e9ef401b93bc01f Mon Sep 17 00:00:00 2001 From: Klimov Paul Date: Fri, 27 Jun 2014 14:35:01 +0300 Subject: [PATCH] Notes about `Security` class refactoring added to CHANGELOG.md and UPGRADE.md --- framework/CHANGELOG.md | 1 + framework/UPGRADE.md | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index dd16e15a45..eec980e318 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -65,6 +65,7 @@ Yii Framework 2 Change Log - Bug: URL encoding for the route parameter added to `\yii\web\UrlManager` (klimov-paul) - Bug: Fixed the bug that requesting protected or private action methods would cause 500 error instead of 404 (qiangxue) - Bug: Fixed Object of class Imagick could not be converted to string in CaptchaAction (eXprojects, cebe) +- Enh #87: Helper `yii\helpers\Security` converted into application component, cryptographic strength improved (klimov-paul) - Enh #422: Added Support for BIT(M) data type default values in Schema (cebe) - Enh #1452: Added `Module::getInstance()` to allow accessing the module instance from anywhere within the module (qiangxue) - Enh #2264: `CookieCollection::has()` will return false for expired or removed cookies (qiangxue) diff --git a/framework/UPGRADE.md b/framework/UPGRADE.md index 83fc0fc41c..beb1753887 100644 --- a/framework/UPGRADE.md +++ b/framework/UPGRADE.md 
@@ -72,3 +72,21 @@ Upgrade from Yii 2.0 Beta * `mail` component was renamed to `mailer`, `yii\log\EmailTarget::$mail` was renamed to `yii\log\EmailTarget::$mailer`. Please update all references in the code and config files. + +* Static helper `yii\helpers\Security` has been converted into an application component. You should change all usage of + its methods to a new syntax, for example: instead of `yii\helpers\Security::hashData()` use `Yii::$app->getSecurity()->hashData()`. + If you have used `yii\helpers\Security` for encryption or hash generating, you need to explicitly configure 'security' + component for the legacy code support in following way: + ``` + return [ + 'components' => [ + 'security' => [ + 'cryptBlockSize' => 16, + 'cryptKeySize' => 24, + 'derivationIterations' => 1000, + ], + // ... + ], + // ... + ]; + ``` \ No newline at end of file
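Review bot: The added `Enh #87` line in framework/CHANGELOG.md gives no hint that existing callers have to change their code, although the UPGRADE.md hunk of this same patch says all usages of `yii\helpers\Security` methods must move to `Yii::$app->getSecurity()`. Suggest saying so in the entry and pointing readers to UPGRADE.md. "cryptographic strength improved" is also too vague for a security-relevant change: name which settings changed (the UPGRADE.md note suggests block size, key size and derivation iterations) so readers can judge whether stored ciphertexts or hashes are affected.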
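Review bot: The legacy config block in framework/UPGRADE.md (`'cryptBlockSize' => 16`, `'cryptKeySize' => 24`, `'derivationIterations' => 1000`) is given without the new defaults and without the consequence of omitting it. A reader cannot tell from this note whether data produced by the old helper stops decrypting or validating, nor that keeping these values presumably pins the application to the pre-change parameters that the CHANGELOG entry contrasts with "cryptographic strength improved". Suggest stating the new defaults, naming the methods that depend on these settings ("encryption or hash generating" does not say whether `hashData()` from the example is among them), and recommending that existing data be re-encrypted so the legacy settings can later be dropped. Minor: "in following way" should read "in the following way", and the file now ends without a trailing newline.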