Devise v4.6.0 Release Notes

Release Date: 2019-02-07 // almost 2 years ago
    • โœจ enhancements

      • Allow to skip email and password change notifications (by @iorme1)
      • Include the use of nil for allow_unconfirmed_access_for in the docs (by @joaumg)
      • Ignore useless files into the .gem file (by @huacnlee)
      • Explain the code that prevents enumeration attacks inside Devise::Strategies::DatabaseAuthenticatable (by @tegon)
      • Refactor the devise_error_messages! helper to render a partial (by @prograhamer)
      • Add an option (Devise.sign_in_after_change_password) to not automatically sign in a user after changing a password (by @knjko)
    • ๐Ÿ› bug fixes

      • Fix missing comma in Simple Form generator (by @colinross)
      • Fix error with migration generator in Rails 6 (by @oystersauce8)
      • Set encrypted_password to nil when password is set to nil (by @sivagollapalli)
      • Consider whether the request supports flash messages inside Devise::Controllers::Helpers#is_flashing_format? (by @colinross)
      • Fix typo inside Devise::Generators::ControllersGenerator (by @kopylovvlad)
      • Sanitize parameters inside Devise::Models::Authenticatable#find_or_initialize_with_errors (by @rlue)
      • #after_database_authentication callback was not called after authentication on password reset (by @kanmaniselvan)
      • Fix corner case when #confirmation_period_valid? was called at the same second as confirmation_sent_at was set. Mostly true for date types that only have second precisions. (by @stanhu)
      • Fix unclosed li tag in error_messages partial (by @mracos)
      • Fix Routes issue when devise engine is mounted in another engine on Rails versions lower than 5.1 (by @a-barbieri)
      • Make #increment_failed_attempts concurrency safe (by @tegon)
      • Apply Test Helper fix to Rails 6.0 as well as 5.x (by @matthewrudy)
    • ๐Ÿ—„ deprecations

      • The second argument of DatabaseAuthenticatable's #update_with_password and #update_without_password is deprecated and will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. (by @ihatov08)
      • The DeviseHelper.devise_error_messages! is deprecated and will be removed in the next major version. Use the devise/shared/error_messages partial instead. (by @mracos)