v1.0.16

Note: This release contains an important security fix.

Enhancements

• [PowPersistentSession.Plug.Cookie] Now supports :persistent_session_cookie_opts to customize any options that will be passed on to Plug.Conn.put_resp_cookie/4 #365
• [PowResetPassword.Phoenix.ResetPasswordController] Now uses PowResetPassword.Phoenix.Messages.maybe_email_has_been_sent/1 with a generic response that tells the user the email has been sent only if an account was found #349
• [PowResetPassword.Phoenix.ResetPasswordController] When a user doesn't exist will now return success message if PowEmailConfirmation extension is enabled #349
• [PowResetPassword.Phoenix.Messages] Added PowResetPassword.Phoenix.Messages.maybe_email_has_been_sent/1 and let PowResetPassword.Phoenix.Messages.email_has_been_sent/1 fall back to it #349
• [PowEmailConfirmation.Phoenix.ControllerCallbacks] When a user tries to sign up and the email has already been taken the default e-mail confirmation required message will be shown #350
• [Pow.Plug.Session] Now renews the Plug session each time the Pow session is created or rolled 578ffd3

Bug fixes

• [Pow.Ecto.Schema.Changeset] Fixed bug where Pow.Ecto.Schema.Changeset.user_id_field_changeset/3 update with nil value caused an exception to be raised #364
• [PowPersistentSession.Plug.Cookie] Now expires the cookie 10 seconds after the last request when authenticating to prevent multiple simultaneous requests deletes the cookie immediately #366

Documentation

• Added mailer rate limitation section to production checklist guide #368
• [Pow.Plug.Session] Added section on session expiration to the docs #367
• Updated instructions in umbrella project guide to Elixir 1.9 d38efab
• [Pow.Store.Backend.Base] Updated usage example with Cachex 32b0d5a
• Added security practices page #372