diff --git a/CHANGES.txt b/CHANGES.txt
index 6c7d59a..1e9e094 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,6 +1,14 @@
 Changes
 =======
 
+0.4.0 (2018-09-27)
+------------------
+
+- Bump minimal supported ``aiohttp`` version to 3.2
+
+- Use ``request.config_dict`` for accessing ``jinja2`` environment. It
+  allows to reuse jinja rendering engine from parent application.
+
 0.3.0 (2018-09-06)
 ------------------
 
diff --git a/aiohttp_security/__init__.py b/aiohttp_security/__init__.py
index e9d5297..6b934f6 100644
--- a/aiohttp_security/__init__.py
+++ b/aiohttp_security/__init__.py
@@ -6,7 +6,7 @@ from .cookies_identity import CookiesIdentityPolicy
 from .session_identity import SessionIdentityPolicy
 from .jwt_identity import JWTIdentityPolicy
 
-__version__ = '0.3.0'
+__version__ = '0.4.0'
 
 
 __all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',
diff --git a/aiohttp_security/api.py b/aiohttp_security/api.py
index d92a73e..d6a2dd5 100644
--- a/aiohttp_security/api.py
+++ b/aiohttp_security/api.py
@@ -19,7 +19,7 @@ async def remember(request, response, identity, **kwargs):
     """
     assert isinstance(identity, str), identity
     assert identity
-    identity_policy = request.app.get(IDENTITY_KEY)
+    identity_policy = request.config_dict.get(IDENTITY_KEY)
     if identity_policy is None:
         text = ("Security subsystem is not initialized, "
                 "call aiohttp_security.setup(...) first")
@@ -36,7 +36,7 @@ async def forget(request, response):
     Usually it clears cookie or server-side storage to forget user
     session.
     """
-    identity_policy = request.app.get(IDENTITY_KEY)
+    identity_policy = request.config_dict.get(IDENTITY_KEY)
     if identity_policy is None:
         text = ("Security subsystem is not initialized, "
                 "call aiohttp_security.setup(...) first")
@@ -48,8 +48,8 @@ async def forget(request, response):
 
 
 async def authorized_userid(request):
-    identity_policy = request.app.get(IDENTITY_KEY)
-    autz_policy = request.app.get(AUTZ_KEY)
+    identity_policy = request.config_dict.get(IDENTITY_KEY)
+    autz_policy = request.config_dict.get(AUTZ_KEY)
     if identity_policy is None or autz_policy is None:
         return None
     identity = await identity_policy.identify(request)
@@ -62,8 +62,8 @@ async def authorized_userid(request):
 async def permits(request, permission, context=None):
     assert isinstance(permission, (str, enum.Enum)), permission
     assert permission
-    identity_policy = request.app.get(IDENTITY_KEY)
-    autz_policy = request.app.get(AUTZ_KEY)
+    identity_policy = request.config_dict.get(IDENTITY_KEY)
+    autz_policy = request.config_dict.get(AUTZ_KEY)
     if identity_policy is None or autz_policy is None:
         return True
     identity = await identity_policy.identify(request)
@@ -78,7 +78,7 @@ async def is_anonymous(request):
     User is considered anonymous if there is not identity
     in request.
     """
-    identity_policy = request.app.get(IDENTITY_KEY)
+    identity_policy = request.config_dict.get(IDENTITY_KEY)
     if identity_policy is None:
         return True
     identity = await identity_policy.identify(request)
diff --git a/setup.py b/setup.py
index 2217951..25dcf1d 100644
--- a/setup.py
+++ b/setup.py
@@ -27,7 +27,7 @@ def read(f):
     return open(os.path.join(os.path.dirname(__file__), f)).read().strip()
 
 
-install_requires = ['aiohttp>=3.0.0']
+install_requires = ['aiohttp>=3.2.0']
 tests_require = install_requires + ['pytest']
 extras_require = {'session': 'aiohttp-session'}
 
@@ -43,6 +43,7 @@ setup(name='aiohttp-security',
           'Programming Language :: Python :: 3',
           'Programming Language :: Python :: 3.5',
           'Programming Language :: Python :: 3.6',
+          'Programming Language :: Python :: 3.7',
           'Topic :: Internet :: WWW/HTTP',
           'Framework :: AsyncIO',
       ],