forked from torchbox-forks/wagtail-2fa
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES
100 lines (72 loc) · 2.77 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
2.0.0 (2023-07-24)
=================
- Includes [217](https://github.com/labd/wagtail-2fa/pull/217)
- Includes [220](https://github.com/labd/wagtail-2fa/pull/220)
- Adds support for Wagtail v4.1+ upto v5.0
1.5.0 (2021-8-23)
=================
- Add support for Wagtail 2.13
- Prevent NoReverseMatch for URLs with required parameters (#52)
- Fix sandbox when running under Wagtail 2.12 (#120)
- Add TOTP URL to device form (#45)
- Drop support for Wagtail versions prior to 2.10
1.4.2 (2020-2-29)
=================
- switched staticfiles to static to bring Django 3+ support.
1.4.1 (2020-2-10)
=================
- Resolve possible vulnerability where users could delete
other users' 2FA devices
1.4.0 (2020-2-4)
================
- Allow using other authentication backends
1.3.4 (2019-12-11)
==================
- Allow signing out on OTP authentication page (#36)
- Always require verification if user has a device (#37)
1.3.3 (2019-12-05)
==================
- Update django to 1.11.26 LTS
- Update django-otp to 0.7.4
1.3.2 (2019-12-04)
==================
- Fix bug: menu is unusable if 2FA is disabled in settings (#33)
1.3.1 (2019-12-04)
==================
- Add possibility to enable/disable 2fa via permisisons
1.3.0 (2019.11.26)
==================
- Add OtpRequiredMixin to enforce OTP checks in views
- Resolve possible vulnerabilities:
- [CWE-290](http://cwe.mitre.org/data/definitions/290.html)
- [CWE-20](http://cwe.mitre.org/data/definitions/20.html)
1.2.0 (2019-10-30)
==================
- Added missing deps for generation of the docs
- Added Microsoft Authenticator as example app and removed double space
- Allow admins to delete devices from user accounts
1.1.0 (2019-03-28)
==================
- Require the user to enter their password when creating a new token. This is
done based on feedback of a security test by an external company.
- Remove the "Manage 2FA button" on the user listing for now since that didn't
actually work. It always managed the devices of the current logged in user.
This will be added properly in a later version.
- Make the package compatible with django-hosts. The middleware initially
resolved a number of paths on start up time, this is now lazy.
- Update django-otp to version 5.2.0
- Update qrcode to version 6.1
1.0.1 (2019-01-18)
==================
- Add Dutch translations (#9)
- Add support for Wagtail running in a subdirectory (#10)
- Add WAGTAIL_2FA_OTP_TOTP_NAME for easier identification the site (#11)
- Update badges in README file (GitHub organisation rename)
0.1.0 (2018-05-26)
==================
- Require atleast Wagtail 2.1 for the new account management hooks
- Add information about how to add a device
- Added several unittests
0.0.1 (unreleased)
==================
- Created package