From 0f4f747b74581d21b3826b846d6458237609cbeb Mon Sep 17 00:00:00 2001
From: Alexander Neumann <alexander@bumpern.de>
Date: Mon, 2 Apr 2018 13:08:29 +0200
Subject: [PATCH] Add entry to changelog

---
 changelog/unreleased/pull-64 | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 changelog/unreleased/pull-64

diff --git a/changelog/unreleased/pull-64 b/changelog/unreleased/pull-64
new file mode 100644
index 0000000..c5f9cd0
--- /dev/null
+++ b/changelog/unreleased/pull-64
@@ -0,0 +1,8 @@
+Security: Refuse overwriting config file in append-only mode
+
+While working on the `rclone serve restic` command we noticed that is currently
+possible to overwrite the config file in a repo even if `--append-only` is
+specified. The first commit adds proper tests, and the second commit fixes the
+issue.
+
+https://github.com/restic/rest-server/pull/64