Releases: WordPress/two-factor

Version 0.14.0

03 Jul 17:20
b27381a

Changelog

Features:

  • Enable Application Passwords for REST API and XML-RPC authentication (by default) by @joostdekeijzer in #697 and #698. Previously this required the two_factor_user_api_login_enable filter to be set to true, which is now the default during application password authentication. XML-RPC login is still disabled for regular user passwords.
  • Label recommended methods to simplify the configuration by @kasparsd in #676 and #675

Documentation:

Tooling:

  • Remove duplicate WP.org screenshots and graphics from SVN trunk by @jeffpaul in #683

Full Changelog: 0.13.0...0.14.0

Version 0.13.0

02 Apr 14:32
06bfe12

What's Changed

  • Add two_factor_providers_for_user filter to limit two-factor providers available to each user by @kasparsd in #669
  • Update automated testing to cover PHP 8.4 and default to PHP 8.3 by @BrookeDot in #665

Full Changelog: 0.12.0...0.13.0

Version 0.12.0

14 Feb 11:40

What's Changed

  • Simplify the Two Factor settings in user profile by @kasparsd in #654
  • Fix PHP 8.4 deprecation "Implicitly marking parameter $previous as nullable is deprecated" by @BrookeDot in #664

Full Changelog: 0.11.0...0.12.0

Version 0.11.0

09 Jan 12:26
80e76ef

What's Changed

  • Remove duplicate two_factor_providers filter calls to allow disabling core providers by @kasparsd in #651
  • Encourage setting up a second recovery method by @kasparsd in #642
  • Focus the code input when TOTP is checked by @thrijith in #645
  • Add autocomplete "one-time-code" attribute by @stefanmomm in #657
  • Add filters for email token and backup code length by @kasparsd in #653
  • Enable TOTP method when method is configured by @kasparsd in #643

Full Changelog: 0.10.0...0.11.0

Version 0.10.0

02 Dec 10:04
990c967

What's Changed

Major Changes

  • Bump minimum WP to 6.3, minimum PHP to 7.2. by @dd32 in #625

Fixes and Features

Dependency Updates

Full Changelog: 0.9.1...0.10.0

Version 0.9.1

25 Apr 20:04
1828c55

What's Changed

  • Remove trailing commas in parameters to avoid syntax error with some PHP versions (ex. 7.2.x) by @KZeni in #604
  • Ensure PHP 5.6+ support during CI to avoid breaking changes by @kasparsd in #605

Full Changelog: 0.9.0...0.9.1

Version 0.9.0

25 Apr 10:09
dc27957

This is a large release with lots of changes and improvements to how the two-factor data is processed.

Notable Changes

  • Users are now asked to re-authenticate with their two-factor method before making changes to their two-factor settings #529. This builds on #528, which associates each login session with the two-factor login metadata for improved handling of that session.

Full Changelog

  • Fix typo by @pkevan in #551
  • Add a filter to filter the classname used for a provider by @dd32 in #546
  • Bump tested up to version by @av3nger in #552
  • Store the two-factor details in the user session at login time by @dd32 in #528
  • Bump guzzlehttp/psr7 from 2.4.3 to 2.5.0 by @dependabot in #555
  • Use simpler/less-technical wording and UI. by @dd32 in #521
  • Fixing bug where Super Admins cannot set up Time Based One-Time Password as first Two Factor option on WP VIP by @spenserhale in #560
  • Enqueue jQuery and wp.apiRequest for use within callbacks. by @dd32 in #561
  • Revalidate two factor settings prior to allowing any two-factor changes to an account. by @dd32 in #529
  • ReAuth: resolve fatal, code cleanup by @dd32 in #567
  • Sync two-factor session meta to newly created sessions by @dd32 in #574
  • Require a nonce be present for revalidate POST requests. by @dd32 in #575
  • Bump tough-cookie from 4.1.2 to 4.1.3 by @dependabot in #579
  • Destroy existing sessions when activating 2FA. by @dd32 in #578
  • Bump version identifier by @iandunn in #588
  • Add method to disable an individual provider by @iandunn in #587
  • issue/594 - Prefer "require_once" in a few spots. by @JJJ in #595
  • Update readme.txt by @bph in #597
  • Bump postcss from 8.4.17 to 8.4.31 by @dependabot in #589
  • Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in #582
  • Release 0.9.0 by @kasparsd in #603

Full Changelog: 0.8.2...0.9.0

Version 0.8.2

04 Sep 20:38
2d4b9ec

Includes the following changes

Full Changelog: 0.8.1...0.8.2

Version 0.8.1

27 Mar 16:36
8f73d27

Includes the following changes 0.8.0...8f73d27

  • Remove unnecessary comma to fix fatal error on PHP 7.2 #547

Version 0.8.0

27 Mar 09:12
2fa64f6

Includes the following changes 0.7.3...2fa64f6.

  • Reduce the login nonce expiration from 60 minutes to 10 minutes by default, and include user ID in the login nonce to make them unique #473.
  • Replace QR generation for TOTP secrets with local JavaScript tooling instead of Google Charts API #487 and #495.
  • Fix Backup code download with quotes in translations #494.
  • Block sending authentication cookies upon 2FA login #502.
  • Backup Codes: Always generate 10 codes via REST #514.
  • TOTP: Enforce single-use of TOTP one-time passwords #517.
  • Add rate limiting to two factor attempts #510.
  • Core: Reset compromised passwords after 2FA failures #482.
  • Document the TOTP Filters, add Issuer filter #530.
  • Support login-by-email in maybe_show_reset_password_notice() #532.
  • Be more tolerant of user input for auth codes #518.
  • Standardise on int|WP_User input to the "for user" functions #535.