From bae9ac9e236c3b73f6baefaf1cf89b241816ba02 Mon Sep 17 00:00:00 2001 From: Sicherhaven Date: Fri, 3 Apr 2026 09:27:15 +0530 Subject: [PATCH] docs: add v1.6.1 and v1.6.2 CHANGELOG entries Documents StatusView eventify_id addition and the security fix that stops internal Python exceptions from reaching API callers. --- CHANGELOG.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 299a9d5..3a40fa8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,24 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), version --- +## [1.6.2] — 2026-04-03 + +### Security +- **Internal exceptions no longer exposed to API callers** — all 15 `except Exception as e` blocks across `mobile_api/views/user.py` and `mobile_api/views/events.py` now log the real error via `eventify_logger` and return a generic `"An unexpected server error occurred."` to the caller + - Affected views: `RegisterView`, `WebRegisterView`, `LoginView`, `StatusView`, `LogoutView`, `UpdateProfileView`, `EventTypeAPI`, `EventListAPI`, `EventDetailAPI`, `EventImagesListAPI`, `EventsByDateAPI`, `DateSheetAPI`, `PincodeEventsAPI`, `FeaturedEventsAPI`, `TopEventsAPI` + - `StatusView` and `UpdateProfileView` were also missing `log(...)` calls entirely — added + - `from eventify_logger.services import log` import added to `events.py` (was absent) + +--- + +## [1.6.1] — 2026-04-03 + +### Added +- **`eventify_id` in `StatusView` response** (`/api/user/status/`) — consumer app uses this to refresh the Eventify ID badge (`EVT-XXXXXXXX`) for sessions that pre-date the `eventify_id` login field +- **`accounts` migration `0012_user_eventify_id` deployed to production containers** — backfilled all existing users with unique Eventify IDs; previously the migration existed locally but had not been applied in production + +--- + ## [1.6.0] — 2026-04-02 ### Added
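Review bot: The 1.6.2 Security entry states what callers receive now, but not which earlier releases returned exception text to callers or what HTTP status accompanies `"An unexpected server error occurred."`. Add both, so that operators can tell whether they need to upgrade and client developers know what to handle. Since the real error is now only in `eventify_logger`, it would also help to say whether the generic response carries any request or correlation identifier that support can match to the log record; if it does not, say so. Separately, in the 1.6.1 entry the second bullet under "Added" (`0012_user_eventify_id` "deployed to production containers") records a deployment action rather than a change in the code. Consider rewording it as the migration itself, or moving it under a "Fixed" heading, since it describes a migration that existed but had not been applied.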