From 71f18a20535f882d06465f089fa4f97db1ab10a5 Mon Sep 17 00:00:00 2001 From: Zimeng Xiong Date: Wed, 14 Jan 2026 13:11:13 -0800 Subject: [PATCH] Update RELEASE.md with CSRF_SECRET instructions Added instructions for the required CSRF_SECRET environment variable for CSRF protection in Kubernetes deployments. --- RELEASE.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/RELEASE.md b/RELEASE.md index 707df09..ebbe11d 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -27,3 +27,17 @@ CSRF Protection (8a78b2b) - Updated docker-compose configurations with new environment variables - E2E test suite improvements and reliability fixes - Added Kubernetes deployment note in README + +### Kubernetes + + A `CSRF_SECRET` environment variable is now required for CSRF protection. Generate a secure 32+ character random string: + + ```bash + openssl rand -base64 32 + + Add it to your deployment: + - Docker Compose: Add CSRF_SECRET= to the backend service environment + - Kubernetes: Add to your ConfigMap/Secret and reference in the backend deployment + + If not set, the backend will refuse to start. + ```
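Review bot: the bash code fence opened just above `openssl rand -base64 32` is not closed until after "If not set, the backend will refuse to start.", so the "Add it to your deployment" list and the startup warning will render inside the shell snippet. Close the fence directly after the openssl line and drop the trailing one. In the Kubernetes bullet, "ConfigMap/Secret" offers a ConfigMap as a place to keep a secret value. ConfigMaps are not meant for confidential data, so the text should recommend a Secret only, referenced from the backend deployment. The section is headed "### Kubernetes" but also gives Docker Compose instructions, so a heading that names `CSRF_SECRET` would match the content better.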