From ed39646ad20c5bc6cbe88e2015a0cdfaffd9dc51 Mon Sep 17 00:00:00 2001
From: glenneth <glennt40@gmail.com>
Date: Mon, 3 Nov 2025 19:51:30 +0300
Subject: [PATCH] docs: Update security documentation with template fix

---
 SECURITY-CONFIG-CHANGES.org | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/SECURITY-CONFIG-CHANGES.org b/SECURITY-CONFIG-CHANGES.org
index 0e53f69..1101937 100644
--- a/SECURITY-CONFIG-CHANGES.org
+++ b/SECURITY-CONFIG-CHANGES.org
@@ -71,6 +71,16 @@ Eliminated hardcoded Icecast admin password from codebase.
   - ~*supported-formats*~ → ~(config-supported-formats *config*)~
   - ~*stream-base-url*~ → ~(config-stream-base-url *config*)~
 
+** Template Security Fix (~template/login.ctml~) - CRITICAL
+
+Removed hardcoded admin credentials display from login page:
+
+- Deleted panel showing "Default Admin Credentials"
+- No longer displays username: ~admin~ / password: ~asteroid123~
+- Login page is now production-safe
+
+This was the critical issue Fade mentioned: "the templates with the default passwords for sure need changing"
+
 ** Docker Security Fixes (~docker/docker-compose.yml~) - CRITICAL
 
 *** Port Bindings Secured