2FAuth - Package Updates
-
[1.7.1]
- Fix website link
-
[1.7.2]
- Update 2FAuth to 5.6.1
- Full Changelog
- issue #510 Composer 2.7+ blocks installation due to svg-sanitize advisory
-
[1.8.0]
- Update 2FAuth to 6.0.0
- Full Changelog
- 2FAuth can now fetch icons from offline icon packs. Visit the new Icon documentation page to learn how to set them up (#203).
- The sort order of 2FA accounts is saved to user preferences when changed from the Manage mode. This allows the account list to be reordered automatically after a new account is registered. (#377).
- Groups can be reordered (manually, from the Group management view) (#419).
- A new filter is available to only show 2FA accounts that do not belong to any group (#430).
- The Import feature now supports Bitwarden export (#501).
- Group names now accept single quote (#465).
- Upon logging out, users are now redirected to the last login form they used: Password, SSO or Webauthn. (#478).
- Catchable errors that occur during the sending of a test email are now displayed in the UI to help you understand what's going on.
- issue #447 Unable to import Google Authenticator.
- issue #464 Import error not correctly reported in the GUI.
-
[1.9.0]
- Update 2FAuth to 6.1.1
- Full Changelog
- issue #532 Unable to create new entries via the Advanced Form
- MR #526 Chinese Traditional translation, thanks to @olivertzeng
- MR #527 Allow pasting on upload page to add QR codes easily, thanks to @moritzuehlingo
BLOCK_OPTAUTH_IMAGELINK_FETCHING: Enable or disable fetching of resources linked in theimagelinkparameter of OTPauth URIs encoded in QR codes (doc).THROTTLE_API_DURING_IMPORT: Specific rate limite for API calls made by the Import feature to prevent429error during large import (doc, #522).- Mitigate blind SSRF by adding URL validation before imagelink resources are fetched (thx @DenizParlak). This comes with the new
BLOCK_OPTAUTH_IMAGELINK_FETCHINGenv var, which is set totrueby default. - Installation fails due to CVE-2025-45769 in transitive dependency firebase/php-jwt < 7.0.0 (via laravel/passport) (thx @MickLesk)
- [issue #509] manifest.json cannot be accessed through a reverse proxy
- [issue #516] Local iconsPack is greyout - cant be selected for item
- [issue #517] Typo: "recommanded" instead of "recommended"
-
[1.9.1]
- Update 2FAuth to 6.1.2
- Full Changelog
- Unwanted toolbar in the Group selector when moving accounts
-
[1.9.2]
- Update 2FAuth to 6.1.3
- Full Changelog
- issue #533 Try my luck feature is currently grayed out
- Some minor UI glitches
-
P Package Updates locked this topic on
-
[1.10.0]
- Update 2FAuth to 7.0.0
- Full Changelog
- 2FA sharing
- 2FA ownership transfer
- OTP generation log
- Expiration date of OAuth tokens in User Settings (#536).
- Dependency on the
APP_URLenvironment variable has been reduced. It is now possible to access the web app using a URL other than the one set inAPP_URL. Typically, this would be an internal URL, such as a local IP address. Important: Some features still rely onAPP_URLto work as expected. These include SSO (during redirections) and WebAuthn authentication. - issue #538 Search field gets focus when trying to select an account in Manage mode using keyboard
- issue #545 Case sensitivity in e-mail/uid-string during SSO authentication
- issue #546 Unencoded # in otpauth URI breaks decoding
-
[1.10.1]
- Update 2FAuth to 7.0.1
- Full Changelog
- issue #548 Sharing actions only available in "Show Password: After a Click/Tab" view, not obvious to users
-
[1.20.0]
- Update 2FAuth to 8.0.0
- Full Changelog
- Group switching can be done directly from the main view using chips
- The lengthy Settings and Admin pages now come with a quick navigation menu that lets you scroll directly to the desired section.
PHP_MEMORY_LIMIT_TEMP_OVERRIDE: Temporary PHP memory limit applied during QR code detection to preventexhausted memory error(doc).- Fix of a possible user impersonation and admin privilege escalation issue when using an authentication proxy (thx @Dokaoista).
- Fix of SSRF vulnerability via dns rebinding during imageLink resource fetching (thx @5ud0er / Tarmo Technologies).
- Block IPv6 NAT64 addresses in SSRF guard (thx @tonghuaroot).
- Fix missing authorization on share recipients endpoint allowing cross-user account enumeration (thx @de3erve-hunter).
- issue #540 Scan/Import QR Code Not working
- issue #543 Scan/Import Google Authentificator QR Code
- issue #549 Unshare action in Manage mode does not remove sharing
-
[1.20.1]
- Update 2FAuth to 8.0.1
- Full Changelog
- issue #558 docker container crashes while startup
- issue #561 Container fails to start when fixing Passport key permissions in rootless Docker
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login