Release Version 0.9.0 · WordPress/two-factor

This is a large release with lots of changes and improvements to how the two-factor data is processed.

Notable Changes

Users are now asked to re-authenticate with their two-factor before making changes to their two-factor settings #529. This builds on #528 which associates each login session with the two-factor login meta data for improved handling of that session.

Fix typo by @pkevan in #551
Add a filter to filter the classname used for a provider by @dd32 in #546
Bump tested up to version by @av3nger in #552
Store the two-factor details in the user session at login time by @dd32 in #528
Bump guzzlehttp/psr7 from 2.4.3 to 2.5.0 by @dependabot in #555
Use simpler/less-technical wording and UI. by @dd32 in #521
Fixing bug where Super Admins cannot setup Time Based One-Time Password as first Two Factor option on WP VIP by @spenserhale in #560
Enqueue jQuery and wp.apiRequest for use within callbacks. by @dd32 in #561
Revalidate two factor settings prior to allowing any two-factor changes to an account. by @dd32 in #529
ReAuth: resolve fatal, code cleanup by @dd32 in #567
Sync two-factor session meta to newly created sessions by @dd32 in #574
Require a nonce be present for revalidate POST requests. by @dd32 in #575
Bump tough-cookie from 4.1.2 to 4.1.3 by @dependabot in #579
Destroy existing sessions when activating 2FA. by @dd32 in #578
Bump version identifier by @iandunn in #588
Add method to disable an individual provider by @iandunn in #587
issue/594 - Prefer "require_once" in a few spots. by @JJJ in #595
Update readme.txt by @bph in #597
Bump postcss from 8.4.17 to 8.4.31 by @dependabot in #589
Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in #582
Release 0.9.0 by @kasparsd in #603

Full Changelog: 0.8.2...0.9.0