Pow v1.0.16 Release Notes
Release Date: 2020-01-07 // over 4 years ago-
Note: This release contains an important security fix.
✨ Enhancements
- [
PowPersistentSession.Plug.Cookie] Now supports:persistent_session_cookie_optsto customize any options that will be passed on toPlug.Conn.put_resp_cookie/4#365 - [
PowResetPassword.Phoenix.ResetPasswordController] Now usesPowResetPassword.Phoenix.Messages.maybe_email_has_been_sent/1with a generic response that tells the user the email has been sent only if an account was found #349 - [
PowResetPassword.Phoenix.ResetPasswordController] When a user doesn't exist will now return success message ifPowEmailConfirmationextension is enabled #349 - [
PowResetPassword.Phoenix.Messages] AddedPowResetPassword.Phoenix.Messages.maybe_email_has_been_sent/1and letPowResetPassword.Phoenix.Messages.email_has_been_sent/1fall back to it #349 - 0️⃣ [
PowEmailConfirmation.Phoenix.ControllerCallbacks] When a user tries to sign up and the email has already been taken the default e-mail confirmation required message will be shown #350 - [
Pow.Plug.Session] Now renews the Plug session each time the Pow session is created or rolled 578ffd3
🐛 Bug fixes
- [
Pow.Ecto.Schema.Changeset] Fixed bug wherePow.Ecto.Schema.Changeset.user_id_field_changeset/3update withnilvalue caused an exception to be raised #364 - [
PowPersistentSession.Plug.Cookie] Now expires the cookie 10 seconds after the last request when authenticating to prevent multiple simultaneous requests deletes the cookie immediately #366
📚 Documentation
- ➕ Added mailer rate limitation section to production checklist guide #368
- 📄 [
Pow.Plug.Session] Added section on session expiration to the docs #367 - ⚡️ Updated instructions in umbrella project guide to Elixir 1.9 d38efab
- ⚡️ [
Pow.Store.Backend.Base] Updated usage example with Cachex 32b0d5a - ➕ Added security practices page #372
- [