Security
- backend:auth: centralize local password timing mitigation GHSA-29hq-23m2-2j47 (b80efe0)
Thanks to @456789TZ for reporting this. The mitigation against username enumeration via timing attacks has been completed.
Bug Fixes
- auth: require step-up for app password mutations (db19b3e)
- backend:auth: invalidate WebDAV cache on app password deletion (6dae284)
- backend:sync: await usersManager.updateAccesses in 2FA recovery code validation (8f55344)
- docker: add editors section in
environment.yaml(1de3e09) - docker: add Euro-Office config to nginx volumes (a864684)
- frontend:files: add support for dynamic editor naming in OnlyOffice components and error handling (98031da)
Contributors
456789TZ