Doorkeeper v5.4.0 Release Notes

Release Date: 2020-05-11 // 21 days ago
    • [#1404] Make Doorkeeper::Application#read_attribute_for_serialization public.

Previous changes from v5.4.0.rc2

    [#1371] Add #as_json method and attributes serialization restriction for Application model.
    🛠 Fixes information disclosure vulnerability (CVE-2020-10187).

    [IMPORTANT] you need to re-implement #as_json method for Doorkeeper Application model
    if you previously used #to_json serialization with custom options or attributes or rely on
    JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
    is a breaking change which restricts serialized attributes to a very small set of columns.

    [#1395] Fix NameError: uninitialized constant Doorkeeper::AccessToken for Rake tasks.

    👍 [#1397] Add as: :doorkeeper_application on Doorkeeper application form in order to support
    🔧 custom configured application model.

    [#1400] Correctly yield the application instance to allow_grant_flow_for_client? config
    🛠 option (fixes #1398).

    [#1402] Handle trying authorization with client credentials.