diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
index c60528e1f265b255f0f87a773f647e68fd0257f7..675cb9a8d0a6247d58f62d0740d876f5f2f2fbb6 100644
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -14,6 +14,8 @@ Released TBD
   * Allow to log to STDERR in the logging.handler option.
   * Allow use of stream wrappers (e.g. s3://) in paths.
   * Improve 'update or insert' handling for different SQL drivers
+  * The default algorithm within the TimeLimitedToken-class has been bumped from SHA-1 to SHA-256
+    as announced by deprecation notice in 1.15-RC1
 
 ### metarefresh
   * The algorithm to compute the fingerprint of the certificate that signed
@@ -30,6 +32,14 @@ Released TBD
 ### Interoperability
   * The minimum PHP version required is now 5.6.
 
+### Deprecation
+  * The class SimpleSAML\Auth\TimeLimitedToken is now deprecated and will be removed in a future release
+    If your custom module relies on this class, be sure to make a copy into your repository and
+    make sure to also copy the unit tests that come along.
+  * Setting 'privacypolicy' in metadata-files will be removed in a future release. It was only used
+    by the consent-module, which supports UIInfo's PrivacyStatementURL.
+    See https://simplesamlphp.org/docs/stable/simplesamlphp-metadata-extensions-ui on how to configure this.
+
 ## Version 1.17.5
 
 Released 2019-08-02
diff --git a/docs/simplesamlphp-reference-idp-hosted.md b/docs/simplesamlphp-reference-idp-hosted.md
index d59661868a15c9e5e106d59c58574005bd45a51a..3a6b47934b868487996c680f56b6ff66b96d0ffd 100644
--- a/docs/simplesamlphp-reference-idp-hosted.md
+++ b/docs/simplesamlphp-reference-idp-hosted.md
@@ -123,6 +123,8 @@ Common options
     any value in the SP-remote metadata overrides the one configured
     in the IdP metadata.
 
+:   *Note*: **deprecated** Will be removed in a future release; use the MDUI-extension instead
+
 `privatekey`
 :   Name of private key file for this IdP, in PEM format. The filename
     is relative to the `cert/`-directory.
diff --git a/docs/simplesamlphp-reference-sp-remote.md b/docs/simplesamlphp-reference-sp-remote.md
index 8fb93248573554f6493fe4b94b1a7d878accc34e..423df7b37f76366b4aa64cae63ba016b75b509e8 100644
--- a/docs/simplesamlphp-reference-sp-remote.md
+++ b/docs/simplesamlphp-reference-sp-remote.md
@@ -98,6 +98,8 @@ and Shibboleth 1.3 protocol:
     entry in the SP-remote metadata overrides the option in the
     IdP-hosted metadata.
 
+:   *Note*: **deprecated** Will be removed in a future release; use the MDUI-extension instead
+
 `userid.attribute`
 :   The attribute name of an attribute which uniquely identifies
     the user. This attribute is used if SimpleSAMLphp needs to generate
diff --git a/lib/SimpleSAML/Auth/TimeLimitedToken.php b/lib/SimpleSAML/Auth/TimeLimitedToken.php
index fcca0b0acc93f126803ad96fe728035a2ef5d11d..2f35984053687880ed176110736d7494c7655adb 100644
--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
+++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
@@ -6,6 +6,8 @@ use SimpleSAML\Utils;
 
 /**
  * A class that generates and verifies time-limited tokens.
+ *
+ * @deprecated  This class was deprecated in 1.18 and will be removed in a future release
  */
 
 class TimeLimitedToken
diff --git a/psalm.xml b/psalm.xml
index 64c381171cd01df7d80176db249f6243693af672..1add8cc4260c950cd05dc1d21390dc4d4e707808 100644
--- a/psalm.xml
+++ b/psalm.xml
@@ -37,6 +37,7 @@
         <!-- Ignore deprecated classes -->
         <ignoreFiles>
             <file name="lib/SimpleSAML/Auth/DefaultAuth.php" />
+            <file name="lib/SimpleSAML/Auth/TimeLimitedToken.php" />
             <file name="lib/SimpleSAML/Utilities.php" />
 
             <!-- Ignore deprecated PHP-templates - Remove for 2.0 -->