From 9f088cd32b97c27e206aab3a15c46493557fcb03 Mon Sep 17 00:00:00 2001
From: Julien Pivotto <roidelapluie@inuits.eu>
Date: Sun, 17 Jan 2021 00:26:48 +0100
Subject: [PATCH 1/2] Release v0.5.1

Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
---
 CHANGELOG.md | 5 +++++
 VERSION      | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c04410d9..4c79b0f9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 0.5.1 / 2021-01-15
+
+* [ENHANCEMENT] Cache basic authentication results to significantly improve
+  performance. #32
+
 ## 0.5.0 / 2021-01-13
 
 * [CHANGE] rename `https` package to `web`. #29
diff --git a/VERSION b/VERSION
index 8f0916f7..4b9fcbec 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.5.0
+0.5.1

From ddeafa2ba8a90b3bf093893a4b43a9e225cd2b36 Mon Sep 17 00:00:00 2001
From: Julien Pivotto <roidelapluie@inuits.eu>
Date: Mon, 18 Jan 2021 12:23:32 +0100
Subject: [PATCH 2/2] Update CHANGELOG

Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4c79b0f9..8f897adc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,12 @@
 ## 0.5.1 / 2021-01-15
 
+This release includes a bugfix for a side-channel security issue that would
+allow an attacker to verify if a user is defined in the configuration by timing
+request. #39
+
 * [ENHANCEMENT] Cache basic authentication results to significantly improve
   performance. #32
+* [BUGFIX] Prevent user enumeration by timing requests. #39
 
 ## 0.5.0 / 2021-01-13