2FAuth - Package Updates

Package Updates

[1.6.0]

• Update 2FAuth to 5.5.0
• Full Changelog
• It is now possible to define custom defaults for user preferences as well as to lock the preferences from being changed by users. This feature requires a bit of configuration, a dedicated page has been added to the documentation site to guide you through the process. (#413)
• A user preference to enable precalculation and display of the next OTP code.\
• Don't be surprised if you don't see the next code right after enabling this option, the code fades in slowly in order to maintain good readability of the current code. (#416)
• New languages: Danish, Dutch, Italian, Korean, Portuguese (Brazilian)
• The version number has been removed from the footer and from the About page for unauthenticated users. (#432)
• 2FAuth now starts searching as soon as the user starts typing, without having to explicitly give focus to the search field. (#441)

Package Updates

[1.6.1]

• Update 2FAuth to 5.5.2
• Full Changelog
• The Show next OTP user preference is enabled by default
• issue #472 QR scan reader blocked by csp

Package Updates

[1.7.0]

• Update 2FAuth to 5.6.0
• Full Changelog
• The Get official icon feature now includes two new icon providers, selfh.st and dashboardicons.com, as well as the ability to select a preferred variant or to switch between providers directly from the Advanced form. (#475).
• OPENID_HTTP_VERIFY_SSL_PEER: Enable or disable SSL peer verification during OpenID authentication process (doc).
• Personal Access Token (PAT) can be used when authentication is restricted to SSO only. This is particularly useful when you want to use the 2FAuth web extension. Check out the new Allow PAT usage setting in the Admin > Auth > SSO section (#474).
• issue #477 Steam OTP codes don't refresh when become invalid
• /api/v1/icons/default POST path added (doc).

Package Updates

[1.7.1]

• Fix website link

Package Updates

[1.7.2]

• Update 2FAuth to 5.6.1
• Full Changelog
• issue #​510 Composer 2.7+ blocks installation due to svg-sanitize advisory

Package Updates

[1.8.0]

• Update 2FAuth to 6.0.0
• Full Changelog
• 2FAuth can now fetch icons from offline icon packs. Visit the new Icon documentation page to learn how to set them up (#203).
• The sort order of 2FA accounts is saved to user preferences when changed from the Manage mode. This allows the account list to be reordered automatically after a new account is registered. (#377).
• Groups can be reordered (manually, from the Group management view) (#419).
• A new filter is available to only show 2FA accounts that do not belong to any group (#430).
• The Import feature now supports Bitwarden export (#501).
• Group names now accept single quote (#465).
• Upon logging out, users are now redirected to the last login form they used: Password, SSO or Webauthn. (#478).
• Catchable errors that occur during the sending of a test email are now displayed in the UI to help you understand what's going on.
• issue #447 Unable to import Google Authenticator.
• issue #464 Import error not correctly reported in the GUI.

Package Updates

[1.9.0]

• Update 2FAuth to 6.1.1
• Full Changelog
• issue #​532 Unable to create new entries via the Advanced Form
• MR #​526 Chinese Traditional translation, thanks to @​olivertzeng
• MR #​527 Allow pasting on upload page to add QR codes easily, thanks to @​moritzuehlingo
• BLOCK_OPTAUTH_IMAGELINK_FETCHING: Enable or disable fetching of resources linked in the imagelink parameter of OTPauth URIs encoded in QR codes (doc).
• THROTTLE_API_DURING_IMPORT: Specific rate limite for API calls made by the Import feature to prevent 429 error during large import (doc, #​522).
• Mitigate blind SSRF by adding URL validation before imagelink resources are fetched (thx @​DenizParlak). This comes with the new BLOCK_OPTAUTH_IMAGELINK_FETCHING env var, which is set to true by default.
• Installation fails due to CVE-2025-45769 in transitive dependency firebase/php-jwt < 7.0.0 (via laravel/passport) (thx @​MickLesk)
• [issue #​509] manifest.json cannot be accessed through a reverse proxy
• [issue #​516] Local iconsPack is greyout - cant be selected for item
• [issue #​517] Typo: "recommanded" instead of "recommended"

Package Updates

[1.9.1]

• Update 2FAuth to 6.1.2
• Full Changelog
• Unwanted toolbar in the Group selector when moving accounts

Package Updates

[1.9.2]

• Update 2FAuth to 6.1.3
• Full Changelog
• issue #​533 Try my luck feature is currently grayed out
• Some minor UI glitches

Package Updates

[1.10.0]

• Update 2FAuth to 7.0.0
• Full Changelog
• 2FA sharing
• 2FA ownership transfer
• OTP generation log
• Expiration date of OAuth tokens in User Settings (#536).
• Dependency on the APP_URL environment variable has been reduced. It is now possible to access the web app using a URL other than the one set in APP_URL. Typically, this would be an internal URL, such as a local IP address. Important: Some features still rely on APP_URL to work as expected. These include SSO (during redirections) and WebAuthn authentication.
• issue #538 Search field gets focus when trying to select an account in Manage mode using keyboard
• issue #545 Case sensitivity in e-mail/uid-string during SSO authentication
• issue #546 Unencoded # in otpauth URI breaks decoding

Package Updates

[1.10.1]

• Update 2FAuth to 7.0.1
• Full Changelog
• issue #548 Sharing actions only available in "Show Password: After a Click/Tab" view, not obvious to users