Sha256: 1db0d0070dfce9a751677c415d5a7c1682ca802a48b31ad422f2407711f161d6

Contents?: true

Size: 518 Bytes

Versions: 14

Stored size: 518 Bytes

Contents

### 0.10.4 (18/09/2022)

#### Bugfixes

* Refresh token lookups are now scoped by application.

Because of this bug, refresh token lookups made through the refresh token grant were not scoped by the application identified by the `/token` request credentials, so grant hijacking could happen in theory if attackers knew of existing refresh tokens.

The same issue was observed (and fixed) for token revocation (this time involving the access token).

* Fix for a case which made resource indicators unusable under Rack 3.0.
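
The scoping rule from the first bugfix above, shown as an added example that is not rodauth-oauth's own code. `GrantStore`, its method names and the sample tokens are hypothetical, and the store is a constructed in-memory list standing in for the grants table.

```ruby
# Constructed in-memory grant store. Class, method and field names are
# hypothetical; this is not rodauth-oauth's schema or code.
Grant = Struct.new(:application_id, :refresh_token, :access_token, :revoked)

class GrantStore
  def initialize
    @grants = []
  end

  def issue(app_id, refresh_token, access_token)
    @grants << Grant.new(app_id, refresh_token, access_token, false)
  end

  # Behaviour the release note describes as the bug: match on the token alone.
  def find_refresh_unscoped(token)
    @grants.find { |g| !g.revoked && g.refresh_token == token }
  end

  # Scoped lookup: the application authenticated by the /token request
  # credentials is part of the lookup key.
  def find_refresh_scoped(app_id, token)
    @grants.find { |g| !g.revoked && g.application_id == app_id && g.refresh_token == token }
  end

  # Revocation by access token, scoped the same way. Returns true only when
  # a grant belonging to the calling application was revoked.
  def revoke_scoped(app_id, token)
    grant = @grants.find { |g| !g.revoked && g.application_id == app_id && g.access_token == token }
    return false unless grant
    grant.revoked = true
  end
end

# Constructed sample data: a single grant issued to application "app-a".
def scoping_demo
  store = GrantStore.new
  store.issue("app-a", "rt-sample-1", "at-sample-1")
  {
    unscoped_other_app: !store.find_refresh_unscoped("rt-sample-1").nil?,
    scoped_other_app: !store.find_refresh_scoped("app-b", "rt-sample-1").nil?,
    scoped_owner: !store.find_refresh_scoped("app-a", "rt-sample-1").nil?,
    revoke_other_app: store.revoke_scoped("app-b", "at-sample-1"),
    revoke_owner: store.revoke_scoped("app-a", "at-sample-1"),
    refresh_after_revoke: !store.find_refresh_scoped("app-a", "rt-sample-1").nil?
  }
end
```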

Version data entries

14 entries across 14 versions & 1 rubygems

| Version | Path |
| --- | --- |
| rodauth-oauth-1.6.3 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.6.2 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.6.0 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.5.0 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.4.0 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.3.2 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.3.1 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.3.0 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.2.0 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.1.0 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.0.0 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.0.0.pre.beta2 | doc/release_notes/0_10_4.md |
| rodauth-oauth-1.0.0.pre.beta1 | doc/release_notes/0_10_4.md |
| rodauth-oauth-0.10.4 | doc/release_notes/0_10_4.md |