Update CHANGELOG.

CHANGELOG.rdoc

@@ -2,11 +2,15 @@
   * Improve e-mail regexp (by github.com/rodrigoflores)
   * Add strip_whitespace_keys and default to e-mail (by github.com/swrobel)
   * Do not run format and uniqueness validations on e-mail if it hasn't changed (by github.com/Thibaut)
+  * Added update_without_password to update models but not allowing the password to change (by github.com/fschwahn)
+  * Added config.paranoid, check the generator for more information (by github.com/rodrigoflores)
 
 * bug fix
   * password_required? should not affect length validation
   * User cannot access sign up and similar pages if he is already signed in through a cookie or token
   * Do not convert booleans to strings on finders (by github.com/xavier)
+  * Run validations even if current_password fails (by github.com/crx)
+  * Devise now honors routes constraints (by github.com/macmartine)
 
 == 1.3.4
 

lib/devise.rb

@@ -237,7 +237,7 @@ module Devise
   @@warden_config = nil
   @@warden_config_block = nil
 
-  # TODO Write a meaningful description about this attribute
+  # When true, enter in paranoid mode to avoid user enumeration.
   mattr_accessor :paranoid
   @@paranoid = false
 

lib/devise/models/database_authenticatable.rb

@@ -69,8 +69,8 @@ module Devise
         result
       end
 
-      # Update record attributes without asking for the current password. Never allow to
-      # change the current password
+      # Updates record attributes without asking for the current password.
+      # Never allows to change the current password
       def update_without_password(params={})
         params.delete(:password)
         params.delete(:password_confirmation)