Update CHANGELOG.md

Co-authored-by: Karl Heinz Struggl <[email protected]>
getsentry · Feb 26, 2024 · e64c5a6 · e64c5a6
1 parent 952b8b8
commit e64c5a6
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,11 +9,11 @@
 ### Fixes
 
 - Option `enabled: false` ensures no events are sent ([#3606](https://github.com/getsentry/sentry-react-native/pull/3606))
-- Remove Expo Plugin `authToken` option from application bundle ([#3630](https://github.com/getsentry/sentry-react-native/pull/3630))
-  - Expo Configuration is saved in plain text and is not secure.
-    Please, rotate your token if you published an app with
-    the auth token in the plugin config. Use `SENTRY_AUTH_TOKEN` env.
-    Read more in the [docs](https://docs.sentry.io/platforms/react-native/manual-setup/expo/).
+- Don't add Expo Plugin option `authToken` to application bundle ([#3630](https://github.com/getsentry/sentry-react-native/pull/3630))
+  - Expo plugin configurations are generelly stored in plain text, and are also automatically added to built app bundles, and are therefore considered insecure.
+  - You should not set the auth token in the plugin config except for local testing. Instead, use the `SENTRY_AUTH_TOKEN` env variable, as pointed out in our [docs](https://docs.sentry.io/platforms/react-native/manual-setup/expo/).
+  - In addition to showing a warning, we are now actively removing an `authToken` from the plugin config if it was set.
+  - If you had set the auth token in the plugin config previously, **and** built and published an app with that config, you should [rotate your token](https://docs.sentry.io/product/accounts/auth-tokens/).
 
 ### Dependencies