From a5be993796898a8a15a94cbd130200d84205f8e2 Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Fri, 21 Jun 2019 21:56:30 -0700 Subject: [PATCH] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b765b87c8..1925cd799 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,9 +6,13 @@ This project follows [Semantic Versioning](http://semver.org) guidelines. ## v0.7.14 (Derelict Dermodactylus) ### Fixed * **[SECURITY]** Fixes an XSS vulnerability when performing certain actions in the file manager. +* **[SECURITY]** Attempting to login as a user who has 2FA enabled will no longer request the 2FA token before validating +that their password is correct. This closes a user existence leak that would expose that an account exists if +it had 2FA enabled. ### Changed * Support for setting a node to listen on ports lower than 1024. +* QR code URLs are now generated without the use of an external library to reduce the dependency tree. * Regenerated database passwords now respect the same settings that were used when initially created. * Cleaned up 2FA QR code generation to use a more up-to-date library and API. * Console charts now properly start at 0 and scale based on server configuration. No more crazy spikes that