Bugfix and features
Contributors (21)
cmlara, Bhanu951, andy_w, jeroen_vreuls, BryanDeNijs, zopa, Jeslin.Shaji, tbsiqueira, markdorison, silverham, jcnventura, yeniatencio, dpi, vatsalkhanna, alecsmrekar, benjifisher, tannguyenhn, heshamkh, Marty2081, Chewi3, szato
Changelog
Issues: 20 issues resolved.
Changes since 8.x-1.2:
Security Fixes
- Access Bypass Through Replay Attacks (8.x-1.3)
- Authentication bypass when default plugin is not configured (8.x-1.4)
- SA-CONTRIB-2024-003 (8.x-1.5)
- Replay and Denial of Service vulnerability in HOTP plugin (8.x-1.6)
Bug
- #3412200 by cmlara: validateRequest() does not convert integers to zero padded strings before calling validate()
- #3386910 by Bhanu951, yeniatencio, cmlara: Authenticator links clean up
- #3350231 by alecsmrekar, cmlara: Error when trying to send email
- #2932071 by cmlara, benjifisher: Give more accurate feedback when canceling a plugin setup
- #3360319 by tannguyenhn: Operation link should be checked by current user
- #3333019 by cmlara, heshamkh, Marty2081, jcnventura: Incorrect plugin id check breaks plugins
- #3364126 by Chewi3: Cancel on disable form for other user redirects to the current user TFA overview
- #3351698: Typehint for TfaBasePlugin $alreadyAccepted should be bool
- #3370595 by szato: Show correct label for confirm password
Feature
- #3108099 by Bhanu951, andy_w, cmlara, jeroen_vreuls, BryanDeNijs, zopa, Jeslin.Shaji, tbsiqueira, markdorison: Redirect to validation setup after login without tfa
- #3381701 by Bhanu951, cmlara, silverham: Provide drush command to reset a user's TFA data
Task
- #3440400 by cmlara: Add drush as a development dependency
- #3412660 by cmlara: Restore Code Coverage reporting to GitLab CI Runs
- #3411989 by cmlara: D10.2.0 Cleanup
- #3396969: Public Followup for 8.x-1.3 security release.
- #3395250 by cmlara, jcnventura: Deprecate the services_tfa module
- #3396187: Update PHPStan Baseline
- #3393706: Cleanup new sniffs (automated)
- #3385051 by cmlara, dpi: Adopt GitlabCi
- #3089931 by vatsalkhanna, cmlara: Users are directed to TFA overview regardless of 'setup own tfa' permission
VCS Label
8.x-1.7
Core compatibility
Release type
Packaged Git sha1
8e08c39c736e8df39782d4cdb2518234df1bc036
Release files
ba2d40f0e23dcbe4c91da0983e9990c1
Release file SHA-1 hash
ecf0c6b831efab76c0dc9c190135850aa66b05ba
Release file SHA-256 hash
014ba1cea22226148f9b826223e04f926f68d93c6b0a44a747d5be29da87f3da
62ffde48c475c194e6a90e39dd81f627
Release file SHA-1 hash
a5e70d146da5bc44f97bfe6fbbda61cc8310fa87
Release file SHA-256 hash
a07d66105c9492246d1f22a9a8e4aa193e1f5924e856eae6d2b3a99225aa314f