Skip to content

v0.17.0

Choose a tag to compare

View all tags
@kuoruan kuoruan released this 09 Apr 04:20
· 3 commits to main since this release
v0.17.0
8880e36

What's Changed

  • Update verdaccio packages by @esadakcam in #19
  • Implement atomic WebAuthn token retrieval (61a1ead)
  • Improve OpenID configuration discovery (7da942c)
  • Enhance plugin access control (0ba2974)

Security

  • Remove sensitive token logging (8d9f1d2)

    • Removed raw token information from debug outputs in Plugin, AuthCore, WebFlow, WebAuthFlow, and CliFlow modules
    • Prevents accidental exposure of authentication tokens in logs

  • Refactor CLI token execution (5d7006b)

    • Changed npm config command execution from shell-based (execSync) to argument-based (execFileSync)
    • Eliminates command injection vulnerabilities via query parameters
    • Improves security posture for CLI authentication workflows

New Contributors

Full Changelog: v0.16.0...v0.17.0

Contributors

esadakcam
Assets 2
Loading