Skip to content

Latest commit

 

History

History
490 lines (261 loc) · 19.7 KB

CHANGELOG.md

File metadata and controls

490 lines (261 loc) · 19.7 KB

Release Notes

v1.18.1 - 2023-10-18

v1.18.0 - 2023-09-12

v1.17.6 - 2023-09-04

  • Update logout to invalidate and regenerate session only if session is present (Issue #486) by @karmendra in laravel#487

v1.17.5 - 2023-08-02

v1.17.4 - 2023-06-18

  • Port security fixes to default login rate limiter by @staudenmeir in laravel#473

v1.17.3 - 2023-06-02

  • Fix contract implementation by @jessarcher in laravel#472

v1.17.2 - 2023-04-26

  • Revert "Add rate limiter for a registration" by @taylorotwell in laravel#465

v1.17.1 - 2023-04-19

  • Add rate limiter for a registration by @trbsi in laravel#460

v1.17.0 - 2023-04-17

  • Add ability to override routes with custom paths by @stephenglass in laravel#458

v1.16.0 - 2023-01-06

Added

v1.15.0 - 2023-01-03

Changed

  • Update PrepareAuthenticatedSession.php by @francoism90 in laravel#434
  • Uses PHP Native Type Declarations 🐘 by @nunomaduro in laravel#421

Fixed

  • Fix error while preparing PasswordResetResponse with views turned off by @leonkllr0 in laravel#433

v1.14.1 - 2022-12-09

Changed

v1.14.0 - 2022-11-23

Added

  • Add more Response contract bindings by @bdsumon4u in laravel#425

v1.13.7 - 2022-11-04

Changed

  • Update parameter order for hash_equals function in TwoFactorLoginRequest by @jayan-blutui in laravel#422

Fixed

  • Use boolean rather than filled for remember by @Codeatron5000 in laravel#423

v1.13.6 - 2022-11-01

Fixed

  • Fix error message when entering invalid 2fa code by @emargareten in laravel#415
  • Use Fortify username method on ConfirmPassword action by @jayan-blutui in laravel#420

v1.13.5 - 2022-10-21

Changed

  • Add and use constants for session flashes by @dwightwatson in laravel#409
  • Use current_password rule when changing password by @dwightwatson in laravel#410
  • Parameters order with hash_equals by @chivincent in laravel#411

v1.13.4 - 2022-09-30

Fixed

v1.13.3 - 2022-08-16

Changed

  • Return recovery errors under the recovery_code key by @jessarcher in laravel#401

v1.13.2 - 2022-08-09

Fixed

  • Fix second usage of 2FA code by @xwillq in laravel#399

v1.13.1 - 2022-07-05

Fixed

  • Call FailedTwoFactorLoginResponse::toResponse with TwoFactorLoginRequest by @ricklambrechts in laravel#395

v1.13.0 - 2022-05-05

Added

  • Added config option for custom OTP window by @robtesch in laravel#385

v1.12.0 - 2022-03-29

Changed

Fixed

  • Fix double error message for failed 2FA response by @driesvints in laravel#369

v1.11.2 - 2022-03-08

Fixed

  • Ensures route password.confirm is defined when not using views by @Frozire in laravel#368

Security

  • Cache 2FA token timestamp by @driesvints in laravel#366

v1.11.1 - 2022-02-24

Fixed

  • Fix Exception when sending empty 2FA confirmation code by @srdante in laravel#361
  • Unsupported operand types on rollback migration by @Jackpump in laravel#362

v1.11.0 - 2022-02-22

Changed

  • Include the otpauth url when retrieving the QR svg by @JanMisker in laravel#356
  • Confirmable 2FA by @taylorotwell in laravel#358

Fixed

  • Fix incorrect key for error bag by @vaibhavpandeyvpz in laravel#360

v1.10.2 - 2022-02-08

Changed

  • Prevent new login after 2FA challenge (#353)

Security

  • Fix throttle bypass exploit (#354)

v1.10.1 - 2022-02-01

Changed

  • Fix VerifyEmailResponse resolving (#349)

Added

  • Add VerifyEmailResponse contract (#347)

Changed

  • Switch to anonymous migrations (#348)

Changed

  • Add 2fa Events (#338)
  • Laravel 9 support (#340)

Changed

  • Customise the auth middleware name (#335)

Fixed

  • Check if authenticated user has 2FA enabled (#334)

Fixed

  • Fix an issue with array to string conversion (#333)

Changed

  • Use boolean rather than filled for remember (#328)

Changed

  • Add a check for two factor auth being enabled (#323)

Changed

  • Allow verification rate limiter to be configurable (#313)

Changed

  • Allow reset password redirect (#307)

Added

  • Redirection customization (#298)
  • Add ReplacedRecoveryCode event (#301)

Fixed

  • Fix auth guard (#296)

Changed

Changed

  • Cleanup code (#261)
  • Returns JSON response (#267)
  • Naming 2FA routes (#269)

Changed

  • Restrict guest Middleware to Fortify's guard (#258)

Fixed

  • Remove password confirmation requirement for reset password (#254)

Fixed

  • Better way of validating credentials (#248)
  • Use configured username property for qr code url (#249)

Fixed

  • Require password and confirmation (#245)

Fixed

Fixed

  • Redirect to intended URL after registration (#222)

Fixed

  • Fix password rule (#211)
  • Adds a missing scenario for the password rule (#213)

Fixed

  • Move route outside $enableViews (#203)

Fixed

  • Fix missing current password (#194)

Security

  • Revert "Retrieve user through provider" (#195)

Changed

  • Retrieve user through provider (#189)

Fixed

  • Tweak how rate limiting is implemented (8609af2)
  • Fix Two Factor prepare auth session (#181)

Fixed

  • Fix route prefix (#152)
  • Fire Failed events (#154)

Changed

  • Add the prefix and domain configuration options (#143)
  • Change how feature options are stored to work with config caching (b2430958)

Fixed

  • Fix 2FA disabled routes via views config (#142)

Added

Changed

  • Redirect to intended URL after email verification (#119)
  • Only use two factor action when enabled (#127)

Added

  • Add FailedTwoFactorLoginResponse contract (#106)

Changed

  • Redirect to intended after two factor login (#105)
  • Allow Fortify views to accept Responsable objects (#107)
  • Use the Rule::unique for new user validation (#108)

Added

  • Add attempts method to rate limiter (#85)
  • Add name to Profile update and Password update routes (#89)

Fixed

  • Fix for empty password during confirmation (#87)

Added

  • Add option to force the password to have a special character (#65)

Fixed

  • Allow 'confirmPasswordView' to use view prefixes (#71)
  • Send JSON response if request is an AJAX request (#75)

Fixed

  • Fix flawed logic in the UpdateUserProfileInformation action (#68, fea6473, 91518af)

Changed

Fixed

  • Fix test bug when use sqlite database (#69)

Added

  • Allow the expected email address request variable to be changed (#28)
  • Update configuration stub with middleware option (#55)

Changed

  • Make routes more dynamic (#41)
  • Add illuminate/support dependency (#46)
  • Resend email verification after user update (#52, 951d943)

Fixed

  • Only register two-factor-challenge routes if TFA feature enabled (#44)
  • Added missing request to the throwFailedAuthenticationException method (#61)

Added

Changed

  • Switch the TwoFactorLoginResponse for a contract bound in container (#34)
  • Enable password confirmation (9e9d154)

Changed

  • Extract ConfirmPassword action (a9e68f2)

Fixed

  • Update what is passed to custom callback (9215e54)

Added

Fixed

  • Pass request through to the callback (#21)

Added

  • Allow granular authentication customization (cd8b6aa)

Added

  • Allow full customization of authentication pipeline (6c36b08)

Changed

  • Use PasswordValidationRules trait in CreateNewUser action (#18)
  • Callable customization of any view (661d726)

Initial stable release.