Skip to content

v5.0.3

Choose a tag to compare

View all tags
@steveiliop56 steveiliop56 released this 11 Mar 17:34
· 142 commits to main since this release
v5.0.3
9eb2d33
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Tinyauth v5.0.3

Warning

This release contains security fixes, please update as soon as possible.

This release addresses GHSA-xg2q-62g2-cvcm and GHSA-3q28-qjrv-qr39 discovered by @e1024x.

Fixes

  • Don't continue authentication on empty X-Forwarded-* headers.
  • Ensure user is logged in and not in the 2FA flow in the authorize endpoint
  • Ensure client ID matches the code entry before issuing a token

Technical

  • Update dependencies
  • Update translations

Please let me know of any issues so as I can fix them as soon as possible.

Contributors

e1024x
Assets 4
Loading