From 3bddc95336d3b5bd15c8fa19ce770f11282e7651 Mon Sep 17 00:00:00 2001
From: Pascal Kriete <pascal.kriete@ellislab.com>
Date: Wed, 6 Apr 2011 14:48:52 -0400
Subject: Adding a note about security to the upgrade docs

---
 user_guide/installation/upgrade_201.html | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'user_guide')

diff --git a/user_guide/installation/upgrade_201.html b/user_guide/installation/upgrade_201.html
index 879067c6e..9c72cf423 100644
--- a/user_guide/installation/upgrade_201.html
+++ b/user_guide/installation/upgrade_201.html
@@ -66,11 +66,23 @@ Upgrading from 2.0.0 to 2.0.1
 
 <p class="important"><strong>Note:</strong> If you have any custom developed files in these folders please make copies of them first.</p>
 
+
 <h2>Step 2: Replace config/mimes.php</h2>
 
 <p>This config file has been updated to contain more mime types, please copy it to <kbd>application/config/mimes.php</kbd>.</p>
 
-<h2>Step 3: Check for forms posting to default controller</h2>
+
+<h2>Step 3: Remove loading calls for the Security Library</h2>
+
+<p>Security has been moved to the core and is now always loaded automatically. Make sure you remove any loading calls as they will result in PHP errors.</p>
+
+
+<h2>Step 4: Move MY_Security</h2>
+
+<p>If you are overriding or extending the Security library, you will need to move it to <kbd>application/core</kbd>.</p>
+
+
+<h2>Step 5: Check for forms posting to default controller</h2>
 
 <p>
 	The default behavior for <kbd>form_open()</kbd> when called with no parameters used to be to post to the default controller, but it will now just leave an empty action="" meaning the form will submit to the current URL.
-- 
cgit v1.2.3-24-g4f1b