v1.16.0

@derekprior derekprior released this 02 Nov 22:45
· 411 commits to main since this release
c6c1c62

Security

  • Clearance users can now help prevent session fixation attacks by setting
    Clearance.configuration.rotate_csrf_on_sign_in to true. This will cause
    the user's CSRF token to be rotated on sign in and is recommended for all
    Clearance applications. This setting will default to true in Clearance 2.0.
    Clearance will emit a warning on each sign in until this configuration setting
    is explicitly set to true or false.
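
The effect of the setting can be seen in a small stand-alone model. This is an added example, not code from Clearance or Rails: ModelSession and pre_sign_in_token_survives? are hypothetical names, and the model assumes the CSRF token is stored with the session, with only the rotation on sign in mirroring what the release note describes.

```ruby
require "securerandom"

# In a real application the setting goes in the Clearance initializer:
#   Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
# Everything below is a simplified, constructed model of a session and is
# not Clearance's or Rails' implementation.
class ModelSession
  attr_reader :csrf_token, :user_id

  def initialize(rotate_csrf_on_sign_in:)
    @rotate = rotate_csrf_on_sign_in
    @csrf_token = SecureRandom.base64(32) # token issued before authentication
    @user_id = nil
  end

  # When rotation is enabled, the token issued before sign in is discarded
  # and a fresh one is generated for the authenticated session.
  def sign_in(user_id)
    @user_id = user_id
    @csrf_token = SecureRandom.base64(32) if @rotate
  end

  # A state-changing request is accepted only for a signed-in session whose
  # current token matches the submitted one.
  def accepts?(submitted_token)
    !@user_id.nil? && constant_time_equal?(submitted_token, @csrf_token)
  end

  private

  # Compare without returning early on the first differing byte.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Reports whether a token that existed before sign in is still honoured
# after the user authenticates.
def pre_sign_in_token_survives?(rotate)
  session = ModelSession.new(rotate_csrf_on_sign_in: rotate)
  stale_token = session.csrf_token
  session.sign_in(42) # constructed user id
  session.accepts?(stale_token)
end
```

With rotation off, the token from the unauthenticated session remains valid after sign in; with rotation on, only the token issued at sign in is accepted.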

Full changelog