Releases: thoughtbot/clearance
Releases · thoughtbot/clearance
v2.8.0
2.8.0 - August 9, 2024
Added
- Feature: Added allow_password_resets config option (#1019)
- Added dependabot (#1028)
- Added a dynamic workflow to update SECURITY.md to match thoughtbot's security template (5a5a625)
Fixed
- Fixed some deprecation warnings (#1018)
Thanks so much to our community contributors Jos O'shea (@whatnotery) and Karine Vieira (@karinevieira)! 🎉
v2.7.2
2.7.2 - June 28, 2024
Fixed
- Fix method redefinition and circular require issues (#1027)
- Fix validating email in strict mode (#976)
- Update the example config in README.md (#977)
Added
Removed
- Remove Hound README badge (#1020)
Thanks so much to our community contributors Alex Kholodniak (@kholdrex), Hamed Asghari (@hasghari), James Robey (@foucist), and Manuel Meurer (@manuelmeurer)! 🎉
v2.7.1
v2.7.0
v2.6.2
2.6.2 - January 15, 2024
Added
- Add CODEOWNERS file (#994)
- Add support for Rails 7.1 (#995) Samuel Giddens
- Add Ruby 3.2.2 to testing matrix (#991)
Fixed
- Fix typo in Clearance::Token docs (#1000) Gabe Berke-Williams
- Fix for setup & CI for Rails 7.1 support, update "MiniTest" to "Minitest", add handling for different versions of Rack::Utils.set_cookie_header!, remove deprecated active record handling in application.rb (#998)
- Fix broken thoughtbot logo on README.md
Changed
- Replace mentions of NEWS.md with CHANGELOG.md (#982)
- Update argon2 to v2.2.0 (#989) Georg Leciejewski
- Prefer literal hash creation notation (#984) Ivan Marynych
Thank you to our community contributors Samuel (@segiddins), Georg (@schorsch), Ivan (@loqimean), Gabe (@gabebw)!
v2.6.1
v2.5.0
[2.5.0] - September 10, 2021
Fixed
- Fix open redirect vulnerability
Changed
- Rename default branch to
main
v2.4.0
v2.3.1
Fixed
- Support for accessing Rails 6.x primary_key_type in generator.
- Fix password reset URLs when using a custom model
- Fix flaky test that relied on too specific time delta
- Revert case sensitivity for email uniqueness
- Bump nokogiri and actionview dependencies to address security vulnerabilities
v2.3.0
2.3.0 - August 14, 2020
Fixed
- Delete cookie correctly when a callable object is set as the custom domain
setting. - Strip
as
parameter when signing in through the back door. - Remove broken autoload for deprecated password strategies.
Changed
- Deliver password reset email inline rather than in the background.
- Remove unnecessary unsafe interpolation in erb templates.