Clearance v1.16.0 Release Notes
Release Date: 2017-11-02
🔒 Security
- Clearance users can now help prevent session fixation attacks by setting `Clearance.configuration.rotate_csrf_on_sign_in` to `true`. This will cause the user's CSRF token to be rotated on sign in and is recommended for all Clearance applications. This setting will default to `true` in Clearance 2.0. Clearance will emit a warning on each sign in until this configuration setting is explicitly set to `true` or `false`.
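
The following is an added example, not code from Clearance or its release notes: a small Ruby model of what the setting changes, comparing a CSRF token issued before sign in against the session after sign in for each of the three configuration states. `ModelSession`, `pre_login_token_survives?` and the user id are hypothetical names and values; the model assumes the token is kept in the session under `_csrf_token`, as Rails does.

```ruby
require "securerandom"

# In an application the setting goes in the Clearance initializer:
#   Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
#
# Simplified model (an assumption for illustration, not Clearance's source):
# the per-session CSRF token lives in the session hash under "_csrf_token".
class ModelSession
  attr_reader :data, :warnings

  # rotate_csrf_on_sign_in: true, false, or nil (never configured)
  def initialize(rotate_csrf_on_sign_in:)
    @rotate = rotate_csrf_on_sign_in
    @data = {}
    @warnings = []
  end

  # Token embedded in forms; created on first use, then reused.
  def csrf_token
    @data["_csrf_token"] ||= SecureRandom.base64(32)
  end

  def sign_in(user_id)
    # Models the per-sign-in warning the release notes describe.
    @warnings << "rotate_csrf_on_sign_in is not explicitly set" if @rotate.nil?
    # Rotation: drop the old token so the next csrf_token call mints a new one.
    @data.delete("_csrf_token") if @rotate
    @data["user_id"] = user_id
  end

  # A state-changing request is accepted only with the session's current token.
  def valid_request?(submitted_token)
    !@data["user_id"].nil? && submitted_token == csrf_token
  end
end

# Returns [does a token issued before sign in still work afterwards?,
#          number of warnings emitted during sign in].
def pre_login_token_survives?(setting)
  session = ModelSession.new(rotate_csrf_on_sign_in: setting)
  token_before = session.csrf_token # value that existed before authentication
  session.sign_in(42)               # constructed user id
  [session.valid_request?(token_before), session.warnings.size]
end

if __FILE__ == $PROGRAM_NAME
  [nil, false, true].each { |s| puts "#{s.inspect}: #{pre_login_token_survives?(s).inspect}" }
end
```

With the setting left unset or `false`, the token that existed before authentication still validates requests in the signed-in session; only `true` invalidates it.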