---
Documentation/RelNotes/2.49.0.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/RelNotes/2.49.0.txt b/Documentation/RelNotes/2.49.0.txt
index bc82217584..af76f07d81 100644
--- a/Documentation/RelNotes/2.49.0.txt
+++ b/Documentation/RelNotes/2.49.0.txt
@@ -65,8 +65,8 @@ Fixes since v2.48
using Python's http.server class, which has been corrected.
(merge 76baf97fa1 ak/instaweb-python-port-binding-fix later to maint).
- * Document that it is insecure to use Personal Access Tokens, which
- some hosting providers take as username/password, embedded in URLs.
+ * Document popular credential helpers. Explain why credential-cache is
+ unsuitable to store Personal Access Tokens.
(merge a90ff409f0 mh/doc-credential-helpers-with-pat later to maint).
* Other code cleanup, docfix, build fix, etc.
--
