From f42720b1b66a995ab467ce4d47b46c5bd9a37f57 Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Sun, 9 Jun 2013 14:43:49 +0100
Subject: [PATCH] SEC-2175: Correct XSD docs on auto-config.

---
 .../org/springframework/security/config/spring-security-3.1.rnc | 2 +-
 .../org/springframework/security/config/spring-security-3.1.xsd | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
index 0003313513..a5266bcbd0 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
@@ -292,7 +292,7 @@ http.attlist &=
     ## Allows a RequestMatcher instance to be used, as an alternative to pattern-matching.
     attribute request-matcher-ref { xsd:token }?
 http.attlist &=
-    ## Automatically registers a login form, BASIC authentication, anonymous authentication, logout services, remember-me and servlet-api-integration. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element). If unspecified, defaults to "false".
+    ## A legacy attribute which automatically registers a login form, BASIC authentication and a logout URL and logout services. If unspecified, defaults to "false". We'd recommend you avoid using this and instead explicitly configure the services you require.
     attribute auto-config {xsd:boolean}?
 http.attlist &=
     use-expressions?
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
index da0a9eb5b0..fb2458c92e 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
@@ -746,7 +746,7 @@
     </xs:attribute>
     <xs:attribute name="auto-config" type="xs:boolean">
       <xs:annotation>
-        <xs:documentation>Automatically registers a login form, BASIC authentication, anonymous authentication, logout services, remember-me and servlet-api-integration. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element). If unspecified, defaults to "false".</xs:documentation>
+        <xs:documentation>A legacy attribute which automatically registers a login form, BASIC authentication and a logout URL and logout services. If unspecified, defaults to "false". We'd recommend you avoid using this and instead explicitly configure the services you require.</xs:documentation>
       </xs:annotation>
     </xs:attribute>
     <xs:attribute name="use-expressions" type="xs:boolean">