Skip to content

v2.4.5

Choose a tag to compare

@github-actions github-actions released this 21 May 03:34

v2.4.5

Dependency-refresh + README polish release. No plugin behavior changes — DLL functionally identical to v2.4.4. In-place upgrade.

Dependency bumps (via Dependabot)

CI / GitHub Actions:

  • actions/checkout 5.0.1 → 6.0.2
  • actions/setup-dotnet 4.3.1 → 5.2.0
  • actions/attest-build-provenance 2.4.0 → 4.1.0
  • sigstore/cosign-installer 3.9.1 → 4.1.2
  • github/codeql-action/* 3.30.x → 4.35.5 (applied as a coordinated bump after Dependabot's grouped PR shipped an inconsistent diff — see commit history)

Test dependencies:

  • Microsoft.NET.Test.Sdk 17.12.0 → 18.5.1

README + topics

  • Test-count badge corrected from 125 → 150 (it had been stale since v2.4.0 added the HIBP + challenge-store test batch).
  • GitHub repo topics expanded: added passkey, webauthn, oidc, sso, fido2 alongside the existing authentication, csharp, dotnet, jellyfin, jellyfin-plugin, mfa, security, self-hosted, totp, two-factor-authentication.

Repo-level security toggles

Enabled earlier in the v2.4.4 cycle, surfaced here for users browsing the catalog:

  • Dependabot vulnerability alerts: on
  • Dependabot automated security fixes: on (auto-PR creation for CVEs)
  • Dependabot version updates now also cover the fuzz project + .clusterfuzzlite/ Docker references
  • Secret scanning + push-protection: on

Upgrade

In-place. No config or behavior changes.

Package checksums

  • MD5: see Jellyfin.Plugin.TwoFactorAuthv2.4.5.0.md5
  • SHA256: see Jellyfin.Plugin.TwoFactorAuthv2.4.5.0.sha256

Sigstore-signed + SLSA-attested. Verify with cosign verify-blob or gh attestation verify.