Devise Security Versions Save

A security extension for devise, meeting industry-standard security demands for web applications.

v0.18.0

1 year ago

What's Changed

New Contributors

Full Changelog: https://github.com/devise-security/devise-security/compare/v0.17.0...v0.18.0

v0.17.0

2 years ago

New Features

  • Allow settings in secure_validatable to be overridden at a class or instance level (#356)
  • Add new setting for password complexity validator in secure_validatable (#356)
  • Allow redirect routes to be customized (#316)
  • Add Bulgarian (bg) translations (#327)

Bug Fixes & Maintenance

  • Fix translations for digits vs digit and symbols vs symbol (#345)
  • Performance fixes for email_equal_to_password validation (#354)
  • Fix duplicate error messages in password_expiration workflow (#340)
  • Unlock devise version (#334)
  • Ensure passwords are not subject to another order when storing (#289)
  • Only show "blank" error if password is missing (#342)
  • Fix for email_equal_to_password validation when email is nil (#320)

v0.16.0

3 years ago

New Features

  • Add validation to ensure password does not match email to secure_validatable (#277)

Bug Fixes & Maintenance

  • Change name of initializer file to match Rubocop default settings (#245)
  • Separate positional and keyword arguments (#260)

Deprecations

  • Dropped support for Rails 4.2 (#300)
  • Cleaned up extra Rails 4.x code (#254)
  • Remove deprecated schema files for old Mongoid versions (#296)

v0.15.0

3 years ago

New Features

  • Add Traditional Chinese (zh_TW) translations (#244)
  • Add Czech (cs) translations (#242)
  • Add Hindi (hi) translations (#241)
  • Add Farsi (fa) translations (#240)
  • Add Belarusian (be_By) translations (#236)
  • Add Simplified Chinese (zh_CN) translations (#235)
  • Add Ukrainian (uk_UA) translations (#233)
  • Add Portuguese (pt) translations (#223)
  • Add Dutch (nl) translations (#196)
  • Add Russian (ru) translations (#128)
  • Add missing German (de) translations (#123)
  • Update paranoid_verification_code/show.html.erb and password_expired/show.html.erb to use translations instead of hardcoded text (#115)
  • Allow flexible API response on Devise::PasswordExpiredController (#111)

Bug Fixes & Maintenance

  • Reduce gem size (#248)
  • Update to Spanish (es) translations (#234)
  • Update for Italian (it) translations (#229)
  • Remove requirement to include entirety of Rails ecosystem (#219)
  • Password Expirable bugfix (#201)
  • Fix spelling mistake in English (en) translations (#190)
  • Fix attribute_changed? deprecation warning (#174)
  • Update for German (de) translations (#126)
  • Add deprecation warnings for Rails 4.2 (#124)
  • Fix typo for Japan (ja) translations (#117)

Deprecations

v0.14.3

4 years ago

New Features

  • N/A

Bug Fixes & Maintenance

  • Fixes for problems caused because some modules that needed the compatibility module didn't explicitly include them. (#107)

v0.14.2

4 years ago

New Features

  • N/A

Bug Fixes & Maintenance

  • Fixes problem with name resolution caused by ORM compatibility modules (#103 & #104)

v0.14.1

5 years ago

New Features

  • N/A

Bug Fixes & Maintenance

  • Getting "Uninitialized DEVISE_ORM" during install (#99)

v0.14.0

5 years ago

New Features

  • Mongoid support (#76)
  • Add Japanese (ja) translations (#69)

Bug Fixes & Maintenance

  • Fix mongoid index issue (#93)
  • Updates to German translations (#88)
  • Require minimum devise version of 4.3.0 (#83)
  • Remove mass assignment from password_archivable (#68)
  • Loosen ruby requirement (#67)

v0.13.0

5 years ago

Remove Ruby 2.2 support: https://github.com/devise-security/devise-security/pull/55 Remove Rails 4.1 support: https://github.com/devise-security/devise-security/pull/56 https://github.com/devise-security/devise-security/pull/57 Refactor Password Expirable: https://github.com/devise-security/devise-security/pull/45 Better documentation in generator file: https://github.com/devise-security/devise-security/pull/46 Support for Turkish locale: https://github.com/devise-security/devise-security/pull/38 Password complexity validation with ReDOS vulnerability: https://github.com/devise-security/devise-security/pull/31 Add frozen_string_literal: true pragma: https://github.com/devise-security/devise-security/pull/34 Models now inherit from ApplicationRecord: https://github.com/devise-security/devise-security/pull/30

v0.12.0

6 years ago

Bump required Ruby version to 2.2.9: https://github.com/devise-security/devise-security/pull/28/ Fix for encrypted password being null: https://github.com/devise-security/devise-security/pull/25 Lower minimum rails to 4.1: https://github.com/devise-security/devise-security/pull/27/ Fixes deprecation warnings: https://github.com/devise-security/devise-security/pull/26 Update Password Archivable to use password_salt: https://github.com/devise-security/devise-security/pull/23 Rubocop cleanup: https://github.com/devise-security/devise-security/pull/21