From 9647275854f199f14309f3a0dd4cf3989f499ad3 Mon Sep 17 00:00:00 2001
From: null <koga.industries@gmail.com>
Date: Sun, 10 May 2026 03:57:31 -0500
Subject: [PATCH] docs: add HISTORY.md for v0.22.2

---
 HISTORY.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/HISTORY.md b/HISTORY.md
index 8fae12c..efb63ec 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,5 +1,17 @@
 # Bill Tracker — Changelog
 
+## v0.22.2
+
+### Added
+- **Session Invalidation on Password Change** — All other sessions are terminated when you change your password; current session gets a new ID
+- **Logout All Devices** — New `POST /api/auth/logout-all` endpoint to sign out from every device at once
+
+### Changed
+- `invalidateOtherSessions()` helper in authService.js
+- Both change-password routes (auth + profile) now rotate session ID
+- Added `last_password_change_at` to auth.js change-password for consistency with profile.js
+- Audit logging for `logout.all` and `password.change` events
+
 ## v0.22.1
 
 ### Changed