Sha256: f80134db6b8864bcd7e91f8373b9434704c4dc87de3a02c30a3402b222a1d6b5
Contents?: true
Size: 1.47 KB
Versions: 2
Compression:
Stored size: 1.47 KB
Contents
# CHANGELOG ## Unreleased ## 3.0.0 See `UPGRADING.md` for specific help with breaking changes from 2.x to 3.0.0. - Adds support for Devise 4. - Relax dependencies to allow attr_encrypted 3.x. - Blocks the use of attr_encrypted 2.x. There was a significant vulnerability in the encryption implementation in attr_encrypted 2.x, and that version of the gem should not be used. ## 2.2.0 - Use 192 bits, not 1024, as a secret key length. RFC 4226 recommends a minimum length of 128 bits and a recommended length of 160 bits. Google Authenticator doesn't accept 160 bit keys. ## 2.1.0 - Return false if OTP value is nil, instead of an ROTP exception. ## 2.0.1 No user-facing changes. ## 2.0.0 See `UPGRADING.md` for specific help with breaking changes from 1.x to 2.0.0. - Replace `valid_otp?` method with `validate_and_consume_otp!`. - Disallow subsequent OTPs once validated via timesteps. ## 1.1.0 - Removes runtimez activemodel dependency. - Uses `Devise::Encryptor` instead of `Devise.bcrypt`, which is deprecated. - Bump `rotp` dependency to 2.x. ## 1.0.2 - Makes Railties the only requirement for Rails generators. - Explicitly check that the `otp_attempt` param is not nil in order to avoid 'ROTP only verifies strings' exceptions. - Adding warning about recoverable devise strategy and automatic `sign_in` after a password reset. - Loosen dependency version requirements for rotp, devise, and attr_encrypted. ## 1.0.1 - Add version requirements for dependencies. ## 1.0.0 - Initial release.
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
devise-two-factor-3.0.1 | CHANGELOG.md |
devise-two-factor-3.0.0 | CHANGELOG.md |