All Versions
25
Latest Version
Avg Release Cycle
100 days
Latest Release
1160 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v4.8.1 Changes
December 16, 2021- โจ enhancements
- Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet.
- โจ enhancements
-
v4.8.0 Changes
April 29, 2021โจ enhancements
- Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in their release notes. Devise's OmniAuth Overview wiki was also updated to cover OmniAuth 2.0 requirements.
- Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to
method: :post
, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to usemethod: :post
, or changed to use buttons (e.g.button_to
) to work with OmniAuth 2. (if you're using links withmethod: :post
, make sure your app hasrails-ujs
orjquery-ujs
included in order for these links to work properly.) - As part of the OmniAuth 2.0 upgrade you might also need to add the
omniauth-rails_csrf_protection
gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info. - Introduce
Lockable#reset_failed_attempts!
model method to reset failed attempts counter to 0 after the user signs in. - This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with
Trackable#update_tracked_fields!
. - Add support for Ruby 3.
- Add support for Rails 6.1.
- Move CI to GitHub Actions.
๐ deprecations
Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION
is deprecated in favor ofDevise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
(@hanachin)
-
v4.7.3 Changes
September 20, 2020- ๐ bug fixes
- Do not modify
:except
option given to#serializable_hash
. (by @dpep) - Fix thor deprecation when running the devise generator. (by @deivid-rodriguez)
- Fix hanging tests for streaming controllers using Devise. (by @afn)
- Do not modify
- ๐ bug fixes
-
v4.7.2 Changes
June 10, 2020โจ enhancements
- Increase default stretches to 12 (by @sergey-alekseev)
- Ruby 2.7 support (kwarg warnings removed)
๐ bug fixes
- Generate scoped views with proper scoped errors partial (by @shobhitic)
- Allow to set scoped
already_authenticated
error messages (by @gurgelrenan)
-
v4.7.1 Changes
September 06, 2019- ๐ bug fixes
- Fix an edge case where records with a blank
confirmation_token
could be confirmed (by @tegon) - Fix typo inside
update_needs_confirmation
i18n key (by @lslm)
- Fix an edge case where records with a blank
- ๐ bug fixes
-
v4.7.0 Changes
August 19, 2019โจ enhancements
- Support Rails 6.0
- Update CI to rails 6.0.0.beta3 (by @tunnes)
- refactor method name to be more consistent (by @saiqulhaq)
- Fix rails 6.0.rc1 email uniqueness validation deprecation warning (by @Vasfed)
๐ bug fixes
- Add
autocomplete="new-password"
topassword_confirmation
fields (by @ferrl) - Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk)
- Add
-
v4.6.2 Changes
March 26, 2019- ๐ bug fixes
- Revert "Set
encrypted_password
tonil
whenpassword
is set tonil
" since it broke backward compatibility with existing applications. See more on https://github.com/plataformatec/devise/issues/5033#issuecomment-476386275 (by @mracos)
- Revert "Set
- ๐ bug fixes
-
v4.6.1 Changes
February 11, 2019- ๐ bug fixes
- Check if
root_path
is defined with#respond_to?
instead of#present
(by @tegon)
- Check if
- ๐ bug fixes
-
v4.6.0 Changes
February 07, 2019โจ enhancements
- Allow to skip email and password change notifications (by @iorme1)
- Include the use of
nil
forallow_unconfirmed_access_for
in the docs (by @joaumg) - Ignore useless files into the
.gem
file (by @huacnlee) - Explain the code that prevents enumeration attacks inside
Devise::Strategies::DatabaseAuthenticatable
(by @tegon) - Refactor the
devise_error_messages!
helper to render a partial (by @prograhamer) - Add an option (
Devise.sign_in_after_change_password
) to not automatically sign in a user after changing a password (by @knjko)
๐ bug fixes
- Fix missing comma in Simple Form generator (by @colinross)
- Fix error with migration generator in Rails 6 (by @oystersauce8)
- Set
encrypted_password
tonil
whenpassword
is set tonil
(by @sivagollapalli) - Consider whether the request supports flash messages inside
Devise::Controllers::Helpers#is_flashing_format?
(by @colinross) - Fix typo inside
Devise::Generators::ControllersGenerator
(by @kopylovvlad) - Sanitize parameters inside
Devise::Models::Authenticatable#find_or_initialize_with_errors
(by @rlue) #after_database_authentication
callback was not called after authentication on password reset (by @kanmaniselvan)- Fix corner case when
#confirmation_period_valid?
was called at the same second asconfirmation_sent_at
was set. Mostly true for date types that only have second precisions. (by @stanhu) - Fix unclosed
li
tag inerror_messages
partial (by @mracos) - Fix Routes issue when devise engine is mounted in another engine on Rails versions lower than 5.1 (by @a-barbieri)
- Make
#increment_failed_attempts
concurrency safe (by @tegon) - Apply Test Helper fix to Rails 6.0 as well as 5.x (by @matthewrudy)
๐ deprecations
- The second argument of
DatabaseAuthenticatable
's#update_with_password
and#update_without_password
is deprecated and will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. (by @ihatov08) - The
DeviseHelper.devise_error_messages!
is deprecated and will be removed in the next major version. Use thedevise/shared/error_messages
partial instead. (by @mracos)
- The second argument of
-
v4.5.0 Changes
August 15, 2018โจ enhancements
- Use
before_action
instead ofbefore_filter
(by @edenthecat) - Allow people to extend devise failure app, through invoking
ActiveSupport.run_load_hooks
onceDevise::FailureApp
is loaded (by @wnm) - Use
update
instead ofupdate_attributes
(by @koic) - Split IP resolution from
update_tracked_fields
(by @mckramer) - upgrade dependencies for rails and responders (by @lancecarlson)
- Add
autocomplete="new-password"
to new password fields (by @gssbzn) - Add
autocomplete="current-password"
to current password fields (by @gssbzn) - Remove redundant
self
fromdatabase_authenticatable
module (by @abhishekkanojia) - Update
simple_form
templates with changes from https://github.com/plataformatec/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/plataformatec/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) - Remove
:trackable
from the default modules in the generators, to be more GDPR-friendly (by @fakenine)
- Use
๐ bug fixes
- Use same string on failed login regardless of whether account exists when in paranoid mode (by @TonyMK9068)
- Fix error when params is not a hash inside
Devise::ParameterSanitizer
(by @b0nn1e) - Look for
secret_key_base
insideRails.application
(by @gencer) - Ensure
Devise::ParameterFilter
does not add missing keys when called with a hash that has adefault
/default_proc
๐ง configured (by @joshpencheon) - Adds
is_navigational_format?
check toafter_sign_up_path_for
to keep consistency (by @iorme1)