Changelog History
-
v2.26.1 Changes
November 08, 2022
Fix regression in QR code generation in otp feature causing all black QR code (janko) (#279)
-
v2.26.0 Changes
October 21, 2022
Raise a more informative error when using a feature requiring hmac_secret but not setting hmac_secret (janko) (#271)
Limit parameter bytesize to 1024 by default, override with max_param_bytesize configuration method (jeremyevans)
Skip displaying links for disabled routes (janko) (#269)
Do not prefix flash keys with the session key prefix (jeremyevans) (#266)
Set configuration_name correctly for internal request classes (janko) (#265)
Add argon2_secret configuration method to the argon2 feature to specify the secret/pepper used for argon2 password hashes (janko) (#264)
Use white background instead of transparent background for QR code in otp feature (jeremyevans) (#256)
-
v2.25.0 Changes
June 22, 2022
Support disabling routes by passing nil/false to *_route methods (janko) (#245)
-
v2.24.0 Changes
May 24, 2022
Work around implicit null byte check added in bcrypt 3.1.18 by checking password requirements before other password checks (jeremyevans)
Fix invalid HTML on pages with OTP QR codes (jeremyevans)
Add recovery_codes_available? configuration method to the recovery_codes feature (janko) (#238)
Add otp_available? configuration method to the otp feature (janko) (#238)
-
v2.23.0 Changes
April 22, 2022
Don't automatically set :httponly cookie option if :http_only option is set in remember feature (jeremyevans)
Fix invalid domain check in internal_request feature when using Rack 3 (jeremyevans)
Make removing all multifactor authentication methods mark session as not authenticated by SMS (janko) (#235)
Use use_path option when rendering QR code to svg in the otp feature, to reduce svg size (jeremyevans)
-
v2.22.0 Changes
March 22, 2022
Ignore parameters where the value includes a null byte by default, add null_byte_parameter_value configuration method for customization (jeremyevans)
Handle sessions created before active_sessions feature was enabled during logout (jeremyevans) (#224)
Add reset_password_notify for emailing users after successful password resets (jeremyevans)
An email method can now be used in external features to DRY up email creation code (jeremyevans)
The change_password_notify feature now correctly handles template precompilation (jeremyevans)
Fix update_sms to update stored sms hash (bjeanes) (#222)
-
v2.21.0 Changes
February 23, 2022
Avoid extra bcrypt hashing on account verification when using account_password_hash_column (janko) (#217)
Make require_account public (janko) (#212)
Force specific date/time format when displaying webauthn last use time (jeremyevans)
Automatically clear the session in require_login if users go beyond verify account grace period (janko) (#211)
Fix typo in default value of global_logout_label in active_sessions plugin (sterlzbd) (#209)
-
v2.20.0 Changes
January 24, 2022
Change the default implementation of webauthn_rp_id to not include the port (jeremyevans) (#203)
Make logout of all sessions in active_sessions plugin also remove remember key if using remember plugin (jeremyevans)
-
v2.19.0 Changes
December 22, 2021
Add login_maximum_bytes, setting the maximum number of bytes in a login, 255 by default (jeremyevans)
Add password_maximum_bytes, setting the maximum number of bytes in a password, nil by default for no limit (jeremyevans)
Add password_maximum_length, setting the maximum number of characters in a password, nil by default for no limit (jeremyevans)
Support multi-level inheritance of Rodauth::Auth (janko) (#191)
Allow internal_request feature to work correctly when loaded into custom Rodauth::Auth subclasses before loading into a Roda application (janko) (#190)
Assign internal subclass created by internal_request feature to the InternalRequest constant (janko) (#187)
-
v2.18.0 Changes
November 23, 2021
Allow JSON API access to /multifactor-manage to get links to setup/disable multifactor authentication endpoints (jeremyevans)
Allow JSON API access to /multifactor-auth to get links to possible multifactor authentication endpoints (jeremyevans)
Set configuration_name on class passed via :auth_class option if not already set (janko, jeremyevans) (#181)
Use viewbox: true option when creating QR code in otp feature, displays better and easier to style when using rqrcode 2+ (jeremyevans)
Make argon2 feature work with argon2 2.1.0 (jeremyevans)