diff --git a/config.TEMPLATE.inc.php b/config.TEMPLATE.inc.php
index f002ca0cd19..ec58d6d174b 100644
--- a/config.TEMPLATE.inc.php
+++ b/config.TEMPLATE.inc.php
@@ -266,7 +266,7 @@
 ; cipher = 'aes-256-cbc'
 
 ; Define should the cookie at user's end need to be encrypted
-; Enabling/Disbaling will force all user to re-login
+; Enabling/Disabling will force all user to re-login
 ; cookie_encryption = On
 
 ; Force SSL connections site-wide and also sets the "Secure" flag for session cookies
diff --git a/dbscripts/xml/upgrade.xml b/dbscripts/xml/upgrade.xml
index e87d97ee2f6..e9ccdb2c119 100644
--- a/dbscripts/xml/upgrade.xml
+++ b/dbscripts/xml/upgrade.xml
@@ -13,7 +13,6 @@
 
 <install version="3.5.0.0">
 	<code function="checkPhpVersion" />
-	<code function="addAppKey" />
 
 	<upgrade minversion="2.0.0.0" maxversion="3.2.9.9">
 		<!-- OJS < 3.1.0 upgrade unsupported -->
@@ -121,6 +120,7 @@
 
 	<upgrade minversion="3.1.0.0" maxversion="3.4.9.9">
 		<migration class="PKP\migration\upgrade\v3_5_0\PreflightCheckMigration" fallback="3.4.9.9" />
+		<migration class="PKP\migration\upgrade\v3_5_0\I9895_AddAppKeyToConfigFile"/>
 		<migration class="PKP\migration\upgrade\v3_5_0\I9197_MigrateAccessKeys"/>
 		<migration class="PKP\migration\upgrade\v3_5_0\I9253_SiteAnnouncements"/>
 		<migration class="PKP\migration\upgrade\v3_5_0\I9262_Highlights"/>
diff --git a/docs/release-notes/README-3.5.0 b/docs/release-notes/README-3.5.0
index a74aa52de98..df11c237937 100644
--- a/docs/release-notes/README-3.5.0
+++ b/docs/release-notes/README-3.5.0
@@ -11,9 +11,15 @@ See config.TEMPLATE.inc.php for a description and examples of all supported
 configuration parameters.
 
 New config.inc.php parameters added for general:
-    - session_cookie_enctyption_key (default value: ''), allow cookie encryption when set
+    - app_key (default value: ''), application specific key will used internally for encryption/decryption
+
+New config.inc.php parameters added for security:
+    - cipher (default value: ''), cipher algorithm used to generate app key and encryption purpose
+    - cookie_encryption (default value: ''), allow cookie encryption when set
+
 
 New Features
 ------------
     #9566 : Convert session and cookie management to Laravel
+    #9895 : Introduce APP KEY feature of Laravel