From eebe8c625e9026bfda1831bf560899304624c60a Mon Sep 17 00:00:00 2001
From: Sabina Talipova <sabina.talipova@silverstripe.com>
Date: Fri, 22 Apr 2022 15:37:32 +1200
Subject: [PATCH] Changelog for Composer 2.2.0  allow-plugins option

---
 docs/en/04_Changelogs/4.11.0.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/en/04_Changelogs/4.11.0.md b/docs/en/04_Changelogs/4.11.0.md
index e59a369e6..68e01c834 100644
--- a/docs/en/04_Changelogs/4.11.0.md
+++ b/docs/en/04_Changelogs/4.11.0.md
@@ -7,6 +7,7 @@
 - [Features and enhancements](#features-and-enhancements)
   - [Upload and use WebP images in the CMS](#webp)
   - [Preview any DataObject in any admin section](#cms-preview)
+  - [Allow-plugins configuration option in Composer versions 2.2.0 and up](#composer)
   - [Other features](#other-features)
 - [Bugfixes](#bugfixes)
 - [Dependency and internal API changes](#dependency-internal-api-changes)
@@ -78,6 +79,15 @@ The version portion of the metagenerator tag can be disabled via:
 SilverStripe\CMS\Model\SiteTree:
   show_meta_generator_version: false
 ```
+### Allow-plugins configuration option in Composer versions 2.2.0 and up {#composer}
+
+- As of Composer 2.2.0, the [allow-plugins](https://getcomposer.org/doc/06-config.md#allow-plugins) option adds a layer of security. Developers will be prompted to allow plugins when running `composer install` for the first time on existing projects, or for any new projects not using `silverstripe/installer` or `silverstripe/recipe-kitchen-sink`.
+- The plugins needed for all silverstripe projects are:
+    `composer/installers`
+    `silverstripe/recipe-plugin`
+    `silverstripe/vendor-plugin`
+New installations using `silverstripe/silverstripe-installer` and `silverstripe/recipe-kitchen-sink` from 4.11 onwards will have the above plugins added to the `allowed-plugins` configuration by default.
+- From July 2022 composer will no longer prompt to allow plugins when running `composer install`. This won't affect new installs using silverstripe/installer or silverstripe-recipe-kitchen-sink, but will affect other new projects, and existing projects where `allowed-plugins` hasn't yet been defined. In those cases developers will need to declare the allowed plugins manually in the project's `composer.json` file.
 
 ### Other new features {#other-features}