From 20c7e646ffee266f6540c2b88bf4e9ff1e8f70de Mon Sep 17 00:00:00 2001 From: Luke Plant Date: Thu, 3 Dec 2009 14:48:47 +0000 Subject: [PATCH] Added notes to "Features deprecated in 1.2" about CSRF and SMTPConnection git-svn-id: http://code.djangoproject.com/svn/django/trunk@11788 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/ref/contrib/csrf.txt | 2 ++ docs/releases/1.2.txt | 24 ++++++++++++++++++++---- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index b76ec2f4f0..ea76fc3739 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -153,6 +153,8 @@ launch a CSRF attack on your site against that user. The ``@csrf_response_exempt`` decorator can be used to fix this, but only if the page doesn't also contain internal forms that require the token. +.. _ref-csrf-upgrading-notes: + Upgrading notes --------------- diff --git a/docs/releases/1.2.txt b/docs/releases/1.2.txt index afc2657786..54d7672453 100644 --- a/docs/releases/1.2.txt +++ b/docs/releases/1.2.txt 
@@ -26,13 +26,13 @@ There have been large changes to the way that CSRF protection works, detailed in changes that developers must be aware of: * ``CsrfResponseMiddleware`` and ``CsrfMiddleware`` have been deprecated, and - will be removed completely in Django 1.4, in favour of a template tag that + will be removed completely in Django 1.4, in favor of a template tag that should be inserted into forms. * All contrib apps use a ``csrf_protect`` decorator to protect the view. This requires the use of the csrf_token template tag in the template, so if you - have used custom templates for contrib views, you MUST READ THE UPGRADE - INSTRUCTIONS to fix those templates. + have used custom templates for contrib views, you MUST READ THE :ref:`UPGRADE + INSTRUCTIONS ` to fix those templates. * ``CsrfViewMiddleware`` is included in :setting:`MIDDLEWARE_CLASSES` by default. This turns on CSRF protection by default, so that views that accept @@ -72,7 +72,23 @@ changes: Features deprecated in 1.2 ========================== -None. +CSRF response rewriting middleware +---------------------------------- + +``CsrfResponseMiddleware``, the middleware that automatically inserted CSRF +tokens into POST forms in outgoing pages, has been deprecated in favor of a +template tag method (see above), and will be removed completely in Django +1.4. ``CsrfMiddleware``, which includes the functionality of +``CsrfResponseMiddleware`` and ``CsrfViewMiddleware`` has likewise been +deprecated. + +Also, the CSRF module has moved from contrib to core, and the old imports are +deprecated, as described in the :ref:`upgrading notes `. + +``SMTPConnection`` +------------------ + +This class has been deprecated in favor of the new generic e-mail backends. What's new in Django 1.2 ========================
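Review bot: In the docs/releases/1.2.txt hunk at @@ -26,13, the new :ref: wrapped around "UPGRADE INSTRUCTIONS" shows no target between the link text and the closing backtick as it reads here. It should name the label this patch adds in docs/ref/contrib/csrf.txt, ref-csrf-upgrading-notes, in angle brackets after the link text, otherwise the cross-reference will not resolve. While this bullet is being touched, csrf_token in the same sentence could take the double-backtick literal markup that ``csrf_protect`` already has.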
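Review bot: In the docs/releases/1.2.txt hunk at @@ -72,7, the sentence "``CsrfMiddleware``, which includes the functionality of ``CsrfResponseMiddleware`` and ``CsrfViewMiddleware`` has likewise been deprecated" can be misread as deprecating ``CsrfViewMiddleware`` too, although the earlier bullet says it is now in MIDDLEWARE_CLASSES by default. Closing the clause with a comma after ``CsrfViewMiddleware`` and saying explicitly that ``CsrfViewMiddleware`` stays would prevent someone removing the protection that is meant to remain. The ``SMTPConnection`` entry gives no removal release and no link to the e-mail backends that replace it, unlike the CSRF entry, which names Django 1.4. "(see above)" would be more robust as a cross-reference, and the :ref: on "upgrading notes" shows no target label as it reads here (it should point at ref-csrf-upgrading-notes).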