Doorkeeper v5.4.0.rc2 Release Notes

Release Date: 2020-05-02 // over 2 years ago

    [#1371] Add #as_json method and attributes serialization restriction for Application model.
    ๐Ÿ›  Fixes information disclosure vulnerability (CVE-2020-10187).

    [IMPORTANT] you need to re-implement #as_json method for Doorkeeper Application model
    if you previously used #to_json serialization with custom options or attributes or rely on
    JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
    is a breaking change which restricts serialized attributes to a very small set of columns.

    [#1395] Fix NameError: uninitialized constant Doorkeeper::AccessToken for Rake tasks.

    ๐Ÿ‘ [#1397] Add as: :doorkeeper_application on Doorkeeper application form in order to support
    ๐Ÿ”ง custom configured application model.

    [#1400] Correctly yield the application instance to allow_grant_flow_for_client? config
    ๐Ÿ›  option (fixes #1398).

    [#1402] Handle trying authorization with client credentials.