Releases: WordPress/two-factor

90a86f7
  • Security improvement: Store the second factor authentication step nonce hashed to prevent leaking it via database read access #453. Props to @calvinalkan for reporting the issue.
  • Fix: Add wp_specialchars_decode() to escape the HTML entity on the Email Subject line (#412), props @nbwpuk.
  • Fix: Use hash_equals() when comparing the email token (#425), props @Mati02K.
  • Tooling: Introduce @wordpress/env for development tooling and move to GitHub actions for CI (#436).
ff6b358
  • Update the login_header() and login_footer() methods to match the WP core (see ), props @cfaria.
  • Mark as compatible with WordPress 5.8.
736473e
  • Fix: improve time-based one-time password (TOTP) autofill when using password managers like 1Password, see #373. Props @omelhus.
  • Fix: allow spaces in email code input and strip them away before processing, see #379. Props @shay1383.
  • Fix: remove references to Google Authenticator app since there are a lot more TOTP authenticators these days, see #367. Props @r-a-y.
  • Fix: register FIDO U2F related scripts during the suggested action hooks to avoid PHP notices, see #356 and #368. Props @cojennin.
  • Rename and deprecate the action and filter names two-factor-user-options- and two-factor-totp-time-step-allowance that don't follow the WP coding standards. Use two_factor_user_options_ and two_factor_totp_time_step_allowance now. See #363. Props @paulschreiber.
  • Update codebase to match the WordPress coding standards, see #340. Props @paulschreiber.
  • Add tooling to run PHPUnit tests locally during development, see #355. Props @kasparsd.

Version 0.7.0-rc.1

Pre-release
  • Update codebase to match the WordPress coding standards, see #340. Props @paulschreiber.
  • Add tooling to run PHPUnit tests locally during development, see #355. Props @kasparsd.
529c973
  • Security fix: escape the U2F key value when doing the key lookup in the database during login. Props @mjangda from WordPress VIP. See #351.
  • New feature: invalidate email tokens 15 minutes after they were generated. Use the two_factor_token_ttl filter to override this time-to-live interval. See #352.
  • Document some of the available filters.
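As an added example (not the plugin's own code) of the pattern behind the hashed-nonce (#453), hash_equals() (#425) and token time-to-live (#352) items above: a PHP sketch that stores only a keyed hash of an email code, compares it in constant time and expires it after 15 minutes. The function names, meta keys, site secret and 8-digit code format are constructed stand-ins; the plugin's two_factor_token_ttl filter is mentioned only in a comment.

```php
<?php
// Added example, not the plugin's code. $user_meta stands in for user meta
// storage and $secret for a site salt; function and key names are made up.
const EXAMPLE_TOKEN_TTL = 15 * 60; // seconds; the plugin lets two_factor_token_ttl override this

function example_token_hash(string $code, string $secret): string {
    // Keyed hash: someone with read access to the table cannot recover the
    // code, and cannot brute-force a short numeric code without the secret.
    return hash_hmac('sha256', $code, $secret);
}

function example_issue_token(array &$user_meta, string $secret): string {
    $code = sprintf('%08d', random_int(0, 99999999)); // constructed 8-digit format
    $user_meta['_example_email_token']      = example_token_hash($code, $secret);
    $user_meta['_example_email_token_time'] = time();
    return $code; // goes out by email; the plaintext is never stored
}

function example_clear_token(array &$user_meta): void {
    unset($user_meta['_example_email_token'], $user_meta['_example_email_token_time']);
}

function example_validate_token(array &$user_meta, string $secret, string $input, int $now): bool {
    if (empty($user_meta['_example_email_token']) || empty($user_meta['_example_email_token_time'])) {
        return false;
    }
    $input = preg_replace('/\s+/', '', $input); // tolerate spaces typed around the code (#379)
    // Check expiry before the value: an expired code fails regardless of what was typed.
    if ($now - (int) $user_meta['_example_email_token_time'] > EXAMPLE_TOKEN_TTL) {
        example_clear_token($user_meta);
        return false;
    }
    // hash_equals() runs in constant time, so the comparison leaks no timing signal.
    $valid = hash_equals($user_meta['_example_email_token'], example_token_hash($input, $secret));
    if ($valid) {
        example_clear_token($user_meta); // single use
    }
    return $valid;
}

// Walk-through with constructed values.
$meta   = [];
$secret = 'constructed-site-secret';
$code   = example_issue_token($meta, $secret);
$wrong  = ($code === '00000000') ? '11111111' : '00000000';
var_dump(example_validate_token($meta, $secret, $wrong, time()));              // wrong code
var_dump(example_validate_token($meta, $secret, " $code ", time() + 16 * 60)); // past the TTL
$code   = example_issue_token($meta, $secret);
var_dump(example_validate_token($meta, $secret, " $code ", time()));           // fresh, spaces stripped
```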

9b6e838
  • Bugfix: saving standard user profile fields no longer resets the time-based password key, see #341.
  • Bugfix: remove spaces around authentication codes before verifying them, see #339 (props @paulschreiber).
  • Bugfix: allow admins to configure FIDO U2F keys for other users, see #349.
  • Enable the "Dummy" authenticator method only when WP_DEBUG is set since we don't want regular users using it.
  • New: Add a two_factor_user_authenticated action that fires when the user is logged in after the second factor has been verified, see #324 (props @Kubitomakita).
  • New: Add two_factor_token_email_subject and two_factor_token_email_message filters to customize the email code subject and body, see #345 (props @christianc1).
  • Update the reference article URL in the readme files to account for domain change, see #332 (props @todeveni).
57faccc
  • Security fix: invalidate the session token used for the first password-based authentication, props @aapost0l.
  • Typo fixes in code comments, props @akkspros.
8f89355
  • Add a compatibility layer for Jetpack Secure Sign On to support longer session cookies, see #276. Props @pyronaur.
  • Fix spelling errors in code comments, see #318. Props @akkspros.
  • Add license file, #313. Props @axelsimon.
  • Bump the supported version of PHP to 5.6 to match the WordPress core.
03f1354
  • Mark as tested with WordPress 5.3.
  • Add a screenshot with email code authentication prompt.
  • Update development tooling versions.
  • Introduce a two_factor_totp_title filter to allow TOTP title to be changed, see #294 (props @BrookeDot).
  • Mark as tested with WordPress 5.2.