All Versions
Latest Version
Avg Release Cycle
85 days
Latest Release
71 days ago

Changelog History
Page 1

  • v4.7.3

    September 20, 2020
    • ๐Ÿ› bug fixes
      • Do not modify :except option given to #serializable_hash. (by @dpep)
      • Fix thor deprecation when running the devise generator. (by @deivid-rodriguez)
      • Fix hanging tests for streaming controllers using Devise. (by @afn)
  • v4.7.2

    June 10, 2020
    • โœจ enhancements

      • Increase default stretches to 12 (by @sergey-alekseev)
      • Ruby 2.7 support (kwarg warnings removed)
    • ๐Ÿ› bug fixes

      • Generate scoped views with proper scoped errors partial (by @shobhitic)
      • Allow to set scoped already_authenticated error messages (by @gurgelrenan)
  • v4.7.1

    September 06, 2019
    • ๐Ÿ› bug fixes
      • Fix an edge case where records with a blank confirmation_token could be confirmed (by @tegon)
      • Fix typo inside update_needs_confirmation i18n key (by @lslm)
  • v4.7.0

    August 19, 2019
    • โœจ enhancements

      • Support Rails 6.0
      • Update CI to rails 6.0.0.beta3 (by @tunnes)
      • refactor method name to be more consistent (by @saiqulhaq)
      • Fix rails 6.0.rc1 email uniqueness validation deprecation warning (by @Vasfed)
    • ๐Ÿ› bug fixes

      • Add autocomplete="new-password" to password_confirmation fields (by @ferrl)
      • Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk)
  • v4.6.2

    March 26, 2019
  • v4.6.1

    February 11, 2019
    • ๐Ÿ› bug fixes
      • Check if root_path is defined with #respond_to? instead of #present (by @tegon)
  • v4.6.0

    February 07, 2019
    • โœจ enhancements

      • Allow to skip email and password change notifications (by @iorme1)
      • Include the use of nil for allow_unconfirmed_access_for in the docs (by @joaumg)
      • Ignore useless files into the .gem file (by @huacnlee)
      • Explain the code that prevents enumeration attacks inside Devise::Strategies::DatabaseAuthenticatable (by @tegon)
      • Refactor the devise_error_messages! helper to render a partial (by @prograhamer)
      • Add an option (Devise.sign_in_after_change_password) to not automatically sign in a user after changing a password (by @knjko)
    • ๐Ÿ› bug fixes

      • Fix missing comma in Simple Form generator (by @colinross)
      • Fix error with migration generator in Rails 6 (by @oystersauce8)
      • Set encrypted_password to nil when password is set to nil (by @sivagollapalli)
      • Consider whether the request supports flash messages inside Devise::Controllers::Helpers#is_flashing_format? (by @colinross)
      • Fix typo inside Devise::Generators::ControllersGenerator (by @kopylovvlad)
      • Sanitize parameters inside Devise::Models::Authenticatable#find_or_initialize_with_errors (by @rlue)
      • #after_database_authentication callback was not called after authentication on password reset (by @kanmaniselvan)
      • Fix corner case when #confirmation_period_valid? was called at the same second as confirmation_sent_at was set. Mostly true for date types that only have second precisions. (by @stanhu)
      • Fix unclosed li tag in error_messages partial (by @mracos)
      • Fix Routes issue when devise engine is mounted in another engine on Rails versions lower than 5.1 (by @a-barbieri)
      • Make #increment_failed_attempts concurrency safe (by @tegon)
      • Apply Test Helper fix to Rails 6.0 as well as 5.x (by @matthewrudy)
    • ๐Ÿ—„ deprecations

      • The second argument of DatabaseAuthenticatable's #update_with_password and #update_without_password is deprecated and will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. (by @ihatov08)
      • The DeviseHelper.devise_error_messages! is deprecated and will be removed in the next major version. Use the devise/shared/error_messages partial instead. (by @mracos)
  • v4.5.0

    August 15, 2018
    • โœจ enhancements

      • Use before_action instead of before_filter (by @edenthecat)
      • Allow people to extend devise failure app, through invoking ActiveSupport.run_load_hooks once Devise::FailureApp is loaded (by @wnm)
      • Use update instead of update_attributes (by @koic)
      • Split IP resolution from update_tracked_fields (by @mckramer)
      • upgrade dependencies for rails and responders (by @lancecarlson)
      • Add autocomplete="new-password" to new password fields (by @gssbzn)
      • Add autocomplete="current-password" to current password fields (by @gssbzn)
      • Remove redundant self from database_authenticatable module (by @abhishekkanojia)
      • Update simple_form templates with changes from and (by @gssbzn)
      • Remove :trackable from the default modules in the generators, to be more GDPR-friendly (by @fakenine)
    • ๐Ÿ› bug fixes

      • Use same string on failed login regardless of whether account exists when in paranoid mode (by @TonyMK9068)
      • Fix error when params is not a hash inside Devise::ParameterSanitizer (by @b0nn1e)
      • Look for secret_key_base inside Rails.application (by @gencer)
      • Ensure Devise::ParameterFilter does not add missing keys when called with a hash that has a default / default_proc ๐Ÿ”ง configured (by @joshpencheon)
      • Adds is_navigational_format? check to after_sign_up_path_for to keep consistency (by @iorme1)
  • v4.4.3

    March 18, 2018
    • ๐Ÿ› bug fixes
      • Fix undefined method rails5? for Devise::Test:Module (by @tegon)
      • Fix: secret key was being required to be set inside credentials on Rails 5.2 (by @tegon)
  • v4.4.2

    March 15, 2018
    • โœจ enhancements

      • Support for :credentials on Rails v5.2.x. (by @gencer)
      • Improve documentation about the test suite. (by @tegon)
      • Test with Rails 5.2.rc1 on Travis. (by @jcoyne)
      • Allow test with Rails 6. (by @Fudoshiki)
      • Creating a new section for controller configuration on devise.rb template (by @Danilo-Araujo-Silva)
    • ๐Ÿ› bug fixes

      • Preserve content_type for unauthenticated tests (by @gmcnaughton)
      • Check if the resource is persisted in update_tracked_fields! instead of performing validations (by @tegon)
      • Revert "Replace log_process_action to append_info_to_payload" (by @tegon)