Skip to content

Version 0.8.0

Compare
Choose a tag to compare
@kasparsd kasparsd released this 27 Mar 09:12
· 142 commits to master since this release
2fa64f6

Includes the following changes 0.7.3...2fa64f6.

  • Reduce the login nonce expiration from 60 minutes to 10 minutes by default, and include user ID in the login nonce to make them unique #473.
  • Replace QR generation for TOTP secrets with local Javascript tooling instead of Google Charts API #487 and #495.
  • Fix Backup code download with quotes in translations #494.
  • Block sending authentication cookies upon 2FA login #502.
  • Backup Codes: Always generate 10 codes via REST #514.
  • TOTP: Enforce single-use of TOTP one-time passwords #517.
  • Add rate limiting to two factor attempts #510.
  • Core: Reset compromised passwords after 2FA failures #482.
  • Document the TOTP Filters, add Issuer filter #530.
  • Support login-by-email in maybe_show_reset_password_notice() #532.
  • Be more tolerant of user input for auth codes #518.
  • Standardise on int|WP_User input to the "for user" functions #535.