v7.2.0

@mcollina mcollina released this 03 Jul 09:52
· 47 commits to master since this release
b97cc9d

Full Changelog: v7.1.1...v7.2.0

⚠️ Security Release ⚠️

This release fixes CVE-2023-31999 (GHSA-g8x5-p9qc-cf95).

v7.2.0 changes the default behavior to store the OAuth2 state in a cookie with the http-only and same-site=lax attributes set. By default, the state is now generated for every user.

Note that this release contains a breaking change to checkStateFunction, which now accepts the full Request object.
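
The pattern these notes describe (a per-user state kept in an http-only, same-site=lax cookie and checked against the full request on callback), as an added sketch that is not the plugin's own code. The cookie name, function names and request shapes are assumptions made for illustration.

```javascript
// Added illustration; not the plugin's source. All names here are hypothetical.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const STATE_COOKIE = 'oauth2-state-example'; // hypothetical cookie name

// A fresh, unguessable state for each authorization request.
function generateState() {
  return randomBytes(16).toString('base64url');
}

// Set-Cookie value: HttpOnly hides the state from page scripts; SameSite=Lax
// still sends it on the top-level GET redirect back from the provider.
function stateCookie(state) {
  return `${STATE_COOKIE}=${state}; Path=/; HttpOnly; SameSite=Lax`;
}

// Minimal Cookie header parser, enough for this example.
function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Callback check that receives the whole request, so it can compare the
// returned `state` query parameter with the cookie this browser holds.
function checkState(request) {
  const returned = String(request.query.state || '');
  const stored = parseCookies(request.headers.cookie)[STATE_COOKIE] || '';
  const a = Buffer.from(returned);
  const b = Buffer.from(stored);
  return a.length > 0 && a.length === b.length && timingSafeEqual(a, b);
}

// Constructed requests (minimal stand-ins for a framework request object).
const state = generateState();
const cookie = stateCookie(state).split(';')[0];
const ok = { query: { state }, headers: { cookie } };
const forged = { query: { state: generateState() }, headers: { cookie } };
const noCookie = { query: { state }, headers: {} };
console.log(checkState(ok), checkState(forged), checkState(noCookie));
```

A callback whose state does not match the cookie held by the same browser is rejected, which is what ties the authorization response to the user who started the flow.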