NEWS & CHANGES: Bring 1.2.0 entries up to date with branch 1.2.x

CHANGES

@@ -36,6 +36,12 @@ Authentication:
    By default this is disabled (secrets are stored in the .ini)
    but can be enabled via the .ini configuration key `use_users_db`
    in the `couch_httpd_oauth` section.
+ * Documents in the _users database are no longer publicly
+   readable.
+ * Confidential information in the _replication database is no
+   longer publicly readable.
+ * Password hashes are now calculated by CouchDB. Clients are no
+   longer required to do this manually.
  * Cookies used for authentication can be made persistent by enabling
    the .ini configuration key `allow_persistent_cookies' in the
    `couch_httpd_auth` section.
@@ -91,6 +97,8 @@ Storage System:
 
 View Server:
 
+ * Add CoffeeScript (http://coffeescript.org/) as a first class view server
+   language.
  * Fixed old index file descriptor leaks after a view cleanup.
  * The requested_path property keeps the pre-rewrite path even when no VHost
    configuration is matched.

NEWS

@@ -50,6 +50,11 @@ This version has not been released yet.
    a filter. It affected continuous pull replications with a filter.
  * Fix use of OAuth with VHosts and URL rewriting.
  * OAuth secrets can now be stored in the users system database.
+ * Documents in the _users database can no longer be read by everyone.
+ * Confidential information in the _replication database can no longer
+   be read by everyone.
+ * Password hashes are now calculated by CouchDB instead of the
+   client.
  * Allow persistent authentication cookies.
  * The requested_path property of query server request objects now has
    the path requested by clients before VHosts and rewriting.