CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Unreleased

• Breaking Changes
  • None
• Added
  • None
• Fixed
  • None

6.4.3 (2023-12-17)

• Breaking Changes
  • None
• Added
  • Rubygems MFA requirement for authors added to gemspec.
• Fixed
  • #767 - Adds support for Rails 7.1
  • #769 - Fixed GH workflow

6.4.2 (2021-12-21)

• Breaking Changes
  • None
• Added
  • None
• Fixed
  • #743 - Fixed deprecation warning in Rails 7 re: ActiveRecord::Base.default_timezone
  • #745 - Fixed more deprecation warnings in Rails 7

6.4.1 (2021-02-22)

• Breaking Changes
  • None
• Added
  • Authlogic::Session::Base.session_fixation_defense - Reset the Rack session ID after authentication, to protect against Session Fixation attacks. (https://guides.rubyonrails.org/security.html#session-fixation) Default: true
• Fixed
  • None

6.4.0 (2020-12-22)

• Breaking Changes
  • None
• Added
  • #734 - Support for string cookies when using TestCase and friends
• Fixed
  • None

6.3.0 (2020-12-17)

• Breaking Changes
  • None
• Added
  • #733 - Rails 6.1 support
  • find_by_login_method is deprecated in favor of record_selection_method, to avoid confusion with ActiveRecord's "Dynamic Finders".
• Fixed
  • #726 - Thread safety in Authlogic::Session::Base.klass_name

6.2.0 (2020-09-03)

• Breaking Changes
  • None
• Added
  • #684 - Use cookies only when available. Support for ActionController::API
• Fixed
  • #725 - NoMethodError when setting sign_cookie or encrypt_cookie before controller is defined.

6.1.0 (2020-05-03)

• Breaking Changes
  • None
• Added
  • #666 - Forwardported Authlogic::Session::Cookies.encrypt_cookie option
  • #723 - Option to raise a Authlogic::ModelSetupError when your database is not configured correctly.
• Fixed
  • None

6.0.0 (2020-03-23)

• Breaking Changes, Major

  • There is no longer a default crypto_provider. We still recommend SCrypt, but don't want users of other providers to be forced to install it. You must now explicitly specify your crypto_provider, eg. in your user.rb.

    acts_as_authentic do |c|
      c.crypto_provider = ::Authlogic::CryptoProviders::SCrypt
    end
    

    To continue to use the scrypt gem, add it to your Gemfile.

    gem "scrypt", "~> 3.0"
    

• Breaking Changes, Minor

  • To set your crypto provider, you must use crypto_provider=, not crypto_provider. The arity of the later has changed from -1 (one optional arg) to 0 (no arguments).

• Added

  • #702 - The ability to specify "None" as a valid SameSite attribute

• Fixed

  • #686 - Respect the log_in_after_create setting when creating a new logged-out user
  • #668 - BCrypt user forced to load SCrypt
  • #697 - Add V2 CryptoProviders for MD5 and SHA schemes that fix key stretching by hashing the byte digests instead of the hex strings representing those digests

• Dependencies

  • Drop support for ruby 2.3 (reached EOL on 2019-04-01)

Previous major version

See eg. the 5-1-stable branch