From 97e75d4320e63132aefb187db968a490fdbcfdab Mon Sep 17 00:00:00 2001
From: Jim Anderson <jim.anderson@auth0.com>
Date: Wed, 11 Jan 2023 10:50:07 -0600
Subject: [PATCH] Release 1.9.4 (#125)

---
 CHANGELOG.md | 9 +++++++++
 README.md    | 9 +++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 79d3487..835fba1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Change Log
 
+## [1.9.4](https://github.com/auth0/auth0-java-mvc-common/tree/1.9.4) (2023-01-11)
+[Full Changelog](https://github.com/auth0/auth0-java-mvc-common/compare/1.9.3...1.9.4)
+
+This patch release does not contain any functional changes, but is being released using an updated signing key for verification as part of our commitment to best security practices. 
+Please review [the README note for additional details.](https://github.com/auth0/auth0-java-mvc-common/blob/master/README.md)
+
+**Security**
+- Update dependencies [\#124](https://github.com/auth0/auth0-java-mvc-common/pull/124) ([jimmyjames](https://github.com/jimmyjames))
+
 ## [1.9.3](https://github.com/auth0/auth0-java-mvc-common/tree/1.9.3) (2022-10-26)
 [Full Changelog](https://github.com/auth0/auth0-java-mvc-common/compare/1.9.2...1.9.3)
 
diff --git a/README.md b/README.md
index fa455a5..536a718 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,11 @@
 [![Maven Central](https://img.shields.io/maven-central/v/com.auth0/mvc-auth-commons.svg?style=flat-square)](https://mvnrepository.com/artifact/com.auth0/mvc-auth-commons)
 [![javadoc](https://javadoc.io/badge2/com.auth0/auth0-java-mvc-common/javadoc.svg)](https://javadoc.io/doc/com.auth0/mvc-auth-commons)
 
+> **Note**
+> As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience.
+> 
+> While this change won't affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can't be verified. This is expected, and a result of the key rotation process. Updating to the latest version will resolve this for you.
+
 :books: [Documentation](#documentation) - :rocket: [Getting Started](#getting-started) - :computer: [API Reference](#api-reference) :speech_balloon: [Feedback](#feedback)
 
 ## Documentation
@@ -31,14 +36,14 @@ Add the dependency via Maven:
 <dependency>
   <groupId>com.auth0</groupId>
   <artifactId>mvc-auth-commons</artifactId>
-  <version>1.9.3</version>
+  <version>1.9.4</version>
 </dependency>
 ```
 
 or Gradle:
 
 ```gradle
-implementation 'com.auth0:mvc-auth-commons:1.9.3'
+implementation 'com.auth0:mvc-auth-commons:1.9.4'
 ```
 
 ### Configure Auth0