Skip to content

Version 0.8.0
Compare
Choose a tag to compare
@kasparsd kasparsd released this 27 Mar 09:12
· 116 commits to master since this release
0.8.0
2fa64f6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Includes the following changes 0.7.3...2fa64f6.

  • Reduce the login nonce expiration from 60 minutes to 10 minutes by default, and include user ID in the login nonce to make them unique #473.
  • Replace QR generation for TOTP secrets with local Javascript tooling instead of Google Charts API #487 and #495.
  • Fix Backup code download with quotes in translations #494.
  • Block sending authentication cookies upon 2FA login #502.
  • Backup Codes: Always generate 10 codes via REST #514.
  • TOTP: Enforce single-use of TOTP one-time passwords #517.
  • Add rate limiting to two factor attempts #510.
  • Core: Reset compromised passwords after 2FA failures #482.
  • Document the TOTP Filters, add Issuer filter #530.
  • Support login-by-email in maybe_show_reset_password_notice() #532.
  • Be more tolerant of user input for auth codes #518.
  • Standardise on int|WP_User input to the "for user" functions #535.
Assets 3
Loading