All Versions
Latest Version
Avg Release Cycle
31 days
Latest Release
94 days ago

Changelog History
Page 1

  • v2.25.0 Changes

    June 22, 2022
    • ๐Ÿ‘Œ Support disabling routes by passing nil/false to *_route methods (janko) (#245)
  • v2.24.0 Changes

    May 24, 2022
    • โ†ช Work around implicit null byte check added in bcrypt 3.1.18 by checking password requirements before other password checks (jeremyevans)

    • ๐Ÿ›  Fix invalid HTML on pages with OTP QR codes (jeremyevans)

    • Add recovery_codes_available? configuration method to the recovery_codes feature (janko) (#238)

    • โž• Add otp_available? configuration method to the otp feature (janko) (#238)

  • v2.23.0 Changes

    April 22, 2022
    • Don't automatically set :httponly cookie option if :http_only option is set in remember feature (jeremyevans)

    • ๐Ÿ›  Fix invalid domain check in internal_request feature when using Rack 3 (jeremyevans)

    • ๐Ÿ‘‰ Make removing all multifactor authentication methods mark session as not authenticated by SMS (janko) (#235)

    • ๐Ÿ‘‰ Use use_path option when rendering QR code to svg in the otp feature, to reduce svg size (jeremyevans)

  • v2.22.0 Changes

    March 22, 2022
    • Ignore parameters where the value includes a null byte by default, add null_byte_parameter_value configuration method for customization (jeremyevans)

    • ๐Ÿ– Handle sessions created before active_sessions feature was enabled during logout (jeremyevans) (#224)

    • Add reset_password_notify for emailing users after successful password resets (jeremyevans)

    • An email method can now be used in external features to DRY up email creation code (jeremyevans)

    • The change_password_notify feature now correctly handles template precompilation (jeremyevans)

    • ๐Ÿ›  Fix update_sms to update stored sms hash (bjeanes) (#222)

  • v2.21.0 Changes

    February 23, 2022
    • Avoid extra bcrypt hashing on account verification when using account_password_hash_column (janko) (#217)

    • ๐Ÿ‘‰ Make require_account public (janko) (#212)

    • ๐Ÿ‘ฎ Force specific date/time format when displaying webauthn last use time (jeremyevans)

    • Automatically clear the session in require_login if users go beyond verify account grace period (janko) (#211)

    • Fix typo in default value of global_logout_label in active_sessions plugin (sterlzbd) (#209)

  • v2.20.0 Changes

    January 24, 2022
    • Change the default implementation of webauth_rp_id to not include the port (jeremyevans) (#203)

    • ๐Ÿšš Make logout of all sessions in active_sessions plugin also remove remember key if using remember plugin (jeremyevans)

  • v2.19.0 Changes

    December 22, 2021
    • Add login_maximum_bytes, setting the maximum number of bytes in a login, 255 by default (jeremyevans)

    • Add password_maximum_bytes, setting the maximum number of bytes in a password, nil by default for no limit (jeremyevans)

    • Add password_maximum_length, setting the maximum number of characters in a password, nil by default for no limit (jeremyevans)

    • ๐Ÿ‘Œ Support multi-level inheritance of Rodauth::Auth (janko) (#191)

    • ๐Ÿ‘ Allow internal_request feature to work correctly when loaded into custom Rodauth::Auth subclasses before loading into a Roda application (janko) (#190)

    • Assign internal subclass created by internal_request feature to the InternalRequest constant (janko) (#187)

  • v2.18.0 Changes

    November 23, 2021
    • ๐Ÿ‘ Allow JSON API access to /multifactor-manage to get links to setup/disable multifactor authentication endpoints (jeremyevans)

    • ๐Ÿ‘ Allow JSON API access to /multifactor-auth to get links to possible multifactor authentication endpoints (jeremyevans)

    • Set configuration_name on class passed via :auth_class option if not already set (janko, jeremyevans) (#181)

    • ๐Ÿ’… Use viewbox: true option when creating QR code in otp feature, displays better and easier to style when using rqrcode 2+ (jeremyevans)

    • ๐Ÿ‘‰ Make argon2 feature work with argon2 2.1.0 (jeremyevans)

  • v2.17.0 Changes

    September 24, 2021
    • Make jwt_refresh work correctly with verify_account_grace_period (jeremyevans)

    • ๐Ÿ‘‰ Use 4xx status code when attempting to login to or create an unverified account (janko) (#177, #178)

  • v2.16.0 Changes

    August 23, 2021
    • โž• Add Rodauth.lib for using Rodauth as a library (jeremyevans)

    • ๐Ÿ”ง Make internal_request feature work if the configuration uses only_json? true (janko) (#176)