README.md in devise-security-0.15.0 vs README.md in devise-security-0.16.0

- old
+ new

@@ -2,11 +2,11 @@
 
 [![Build Status](https://travis-ci.org/devise-security/devise-security.svg?branch=master)](https://travis-ci.org/devise-security/devise-security)
 [![Coverage Status](https://coveralls.io/repos/github/devise-security/devise-security/badge.svg?branch=master)](https://coveralls.io/github/devise-security/devise-security?branch=master)
 [![Maintainability](https://api.codeclimate.com/v1/badges/ace7cd003a0db8bffa5a/maintainability)](https://codeclimate.com/github/devise-security/devise-security/maintainability)
 
-A [Devise](https://github.com/plataformatec/devise) extension to add additional
+A [Devise](https://github.com/heartcombo/devise) extension to add additional
 security features required by modern web applications. Forked from
 [Devise Security Extension](https://github.com/phatworx/devise_security_extension)
 
 It is composed of 7 additional Devise modules:
 
@@ -35,13 +35,13 @@
 **captcha support** for `sign_up`, `sign_in`, `recover` and `unlock` (to make
 automated mass creation and brute forcing of accounts harder)
 
 ## Getting started
 
-Devise Security works with Devise on Rails 4.2 onwards. You can add it to your
+Devise Security works with Devise on Rails >= 5.0. You can add it to your
 Gemfile after you successfully set up Devise (see
-[Devise documentation](https://github.com/plataformatec/devise)) with:
+[Devise documentation](https://github.com/heartcombo/devise)) with:
 
 ```ruby
 gem 'devise-security'
 ```
 
@@ -52,11 +52,11 @@
 ```console
 rails generate devise_security:install
 ```
 
 The generator adds optional configurations to
-`config/initializers/devise-security.rb`. Enable the modules you wish to use in
+`config/initializers/devise_security.rb`. Enable the modules you wish to use in
 the initializer you are ready to add Devise Security modules on top of Devise
 modules to any of your Devise models:
 
 ```ruby
 devise :password_expirable, :secure_validatable, :password_archivable, :session_limitable, :expirable
@@ -122,10 +122,13 @@
   # config.security_question_for_confirmation = false
 
   # ==> Configuration for :expirable
   # Time period for account expiry from last_activity_at
   # config.expire_after = 90.days
+
+  # Allow passwords to be equal to email (false, true)
+  # config.allow_passwords_equal_to_email = false
 end
 ```
 
 ## Other ORMs
 
@@ -185,14 +188,14 @@
 
 3. Enable captcha - see "Configuration" of Devise Security above.
 4. Add the captcha in the generated devise views for each controller you have
    activated.
 
-    ```erb
-    <p><%= captcha_tag %></p>
-    <p><%= text_field_tag :captcha %></p>
-    ```
+   ```erb
+   <p><%= captcha_tag %></p>
+   <p><%= text_field_tag :captcha %></p>
+   ```
 
 ## Schema
 
 ### Password expirable
 
@@ -229,10 +232,24 @@
 
   t.string :unique_session_id
 end
 ```
 
+#### Bypassing session limitable
+
+Sometimes it's useful to impersonate a user without authentication (e.g.
+[administrator impersonating a user](https://github.com/heartcombo/devise/wiki/How-To:-Sign-in-as-another-user-if-you-are-an-admin)),
+in this case the `session_limitable` strategy will log out the user, and if the
+user logs in while the administrator is still logged in, the administrator will
+be logged out.
+
+For such cases the following can be used:
+
+```ruby
+sign_in(User.find(params[:id]), scope: :user, skip_session_limitable: true)
+```
+
 ### Expirable
 
 ```ruby
 create_table :the_resources do |t|
   # other devise fields
@@ -301,12 +318,12 @@
 end
 ```
 
 ## Requirements
 
-- Devise (<https://github.com/plataformatec/devise>)
-- Rails 4.2 onwards (<http://github.com/rails/rails>)
+- Devise (<https://github.com/heartcombo/devise>)
+- Rails 5.0 onwards (<http://github.com/rails/rails>)
 - recommendations:
   - `autocomplete-off` (<http://github.com/phatworx/autocomplete-off>)
   - `easy_captcha` (<http://github.com/phatworx/easy_captcha>)
   - `mongodb` (<https://www.mongodb.com/>)
   - `rvm` (<https://rvm.io/>)
@@ -354,25 +371,16 @@
 ## Running tests
 
 Standard tests can be invoked using `rake`. To run the tests against the
 `mongoid` ORM, use `DEVISE_ORM=mongoid rake` while `mongodb` is running.
 
-To locally simulate what travis-ci will run when you push code use:
-
-```bash
-gem install bundler -v '1.17.3'
-BUNDLER_VERSION=1.17.3 wwtd
-```
-
 ## Maintenance Policy
 
 We are committed to maintain support for `devise-security` for all normal or
 security maintenance versions of the Ruby language
 [as listed here](https://www.ruby-lang.org/en/downloads/branches/), and for the
 Ruby on Rails framework
 [as per their maintenance policy](https://rubyonrails.org/maintenance/).
-
-Support for Rails 4.2 will be dropped in version 0.16.0.
 
 In order to avoid introducing bugs caused by backwardly incompatible Ruby
 language features, it is highly recommended that all development work be done
 using the oldest supported ruby version. The contents of the `.ruby-version`
 file should reflect this.