Releases: scheb/2fa
Releases · scheb/2fa
Release list
v8.6.0
- Minor security fix: Compare codes with constant-time
hash_equals, #318, thanks to @ThePHPF for sharing - Minor security fix: Fix pre-poisoning of code-reuse cache, #317, thanks to @ThePHPF for sharing
- Honor post-success listeners that may block authentication, #213, #316, thanks to @giosh94mhz
A minor behavioral change has been introduced: Two-factor providers have been flagged "completed" on the TwoFactorToken immediately after the code was validated. Now, the provider is only flagged, once all post-success listeners have executed.
v7.14.0
- Minor security fix: Compare codes with constant-time
hash_equals, #318, thanks to @ThePHPF for sharing - Minor security fix: Fix pre-poisoning of code-reuse cache, #317, thanks to @ThePHPF for sharing
- Honor post-success listeners that may block authentication, #213, #316, thanks to @giosh94mhz
A minor behavioral change has been introduced: Two-factor providers have been flagged "completed" on the TwoFactorToken immediately after the code was validated. Now, the provider is only flagged, once all post-success listeners have executed.
v8.5.0
v8.4.0
v8.3.0
v8.2.0
- Bumped spomky-labs/otphp to at least version 11.4
getGoogleAuthenticatorUsernameandgetTotpAuthenticationUsernamecan now returnnull. If theservervalue is empty as well, you can have a record in the TOTP app with the issuer name only. Either issuer or username/server is required. #293
v8.1.0
v8.0.1
v7.13.1
v8.0.0
New major release including support for Symfony 8.
Major changes:
- Added validator for a user's 2fa authentication code, #295, thanks to @codedmonkey
- Priority of the two-factor authenticator has changed from
0to-100. Please make sure your authentication system is still working fine, especially when you're using custom (non-official) authenticators. You might need to adjust the priority of your custom authenticator. - Minimum PHP version is now 8.4
Please check the instructions to upgrade from bundle version 7.x to 8.x.