updated changelog

CHANGELOG.md

@@ -1,4 +1,4 @@
-## v0.31.0 (WIP)
+## v0.31.0
 
 - Visualize presentable multiple `relation` fields ([#7260](https://github.com/pocketbase/pocketbase/issues/7260)).
 
@@ -8,8 +8,9 @@
 
 - Added `FileDownloadRequestEvent.ThumbError` field that is populated in case of a thumb generation failure (e.g. unsupported format, timing out, etc.), allowing developers to reject the thumb fallback and/or supply their own custom thumb generation ([#7268](https://github.com/pocketbase/pocketbase/discussions/7268)).
 
-- ⚠️ Disallow client-side filtering and sorting of relations where the collection of the last targeted field has superusers only List/Search API rule to further minimize the risk of eventual side-channel attack.
+- ⚠️ Disallow client-side filtering and sorting of relations where the collection of the last targeted relation field has superusers-only List/Search API rule to further minimize the risk of eventual side-channel attack.
-    _Note that if you are really concerned about this, as mentioned in the "Security and performance" section of [#4417](https://github.com/pocketbase/pocketbase/discussions/4417) and [#5863](https://github.com/pocketbase/pocketbase/discussions/5863), the recommended solution to protect security sensitive fields (tokens, passwords, etc.) is to mark them as "Hidden" (aka. make them non-API filterable)._
+    _This should be a non-breaking change for most users, but if you want the old behavior, please open a new Q&A discussion with details about your use case to evaluate making it configurable._
+    _Note also that as mentioned in the "Security and performance" section of [#4417](https://github.com/pocketbase/pocketbase/discussions/4417) and [#5863](https://github.com/pocketbase/pocketbase/discussions/5863), the easiest and recommended solution to protect security sensitive fields (tokens, codes, passwords, etc.) is to mark them as "Hidden" (aka. make them non-API filterable)._
 
 - Regenerated JSVM types and updated npm and Go deps.