A security extension for devise, meeting industry-standard security demands for web applications.
Full Changelog: https://github.com/devise-security/devise-security/compare/v0.17.0...v0.18.0
secure_validatable
to be overridden at a class or instance level (#356)secure_validatable
(#356)email_equal_to_password
validation (#354)password_expiration
workflow (#340)devise
version (#334)email_equal_to_password
validation when email is nil
(#320)paranoid_verification_code/show.html.erb
and password_expired/show.html.erb
to use translations instead of hardcoded text (#115)Devise::PasswordExpiredController
(#111)password_archivable
(#68)Remove Ruby 2.2 support: https://github.com/devise-security/devise-security/pull/55
Remove Rails 4.1 support: https://github.com/devise-security/devise-security/pull/56 https://github.com/devise-security/devise-security/pull/57
Refactor Password Expirable: https://github.com/devise-security/devise-security/pull/45
Better documentation in generator file: https://github.com/devise-security/devise-security/pull/46
Support for Turkish locale: https://github.com/devise-security/devise-security/pull/38
Password complexity validation with ReDOS vulnerability: https://github.com/devise-security/devise-security/pull/31
Add frozen_string_literal: true
pragma: https://github.com/devise-security/devise-security/pull/34
Models now inherit from ApplicationRecord
: https://github.com/devise-security/devise-security/pull/30
Bump required Ruby version to 2.2.9: https://github.com/devise-security/devise-security/pull/28/ Fix for encrypted password being null: https://github.com/devise-security/devise-security/pull/25 Lower minimum rails to 4.1: https://github.com/devise-security/devise-security/pull/27/ Fixes deprecation warnings: https://github.com/devise-security/devise-security/pull/26 Update Password Archivable to use password_salt: https://github.com/devise-security/devise-security/pull/23 Rubocop cleanup: https://github.com/devise-security/devise-security/pull/21