What's Changed
Exciting New Features 🎉
- Add github workflow for running e2e tests by @filipslezaklab in #157
- feat: add password bruteforce protection by @wojcik91 in #161
Other Changes
- fix(API): restrict user list access to admins by @wojcik91 in #143
- fix(API): limit openid app management access by @wojcik91 in #144
- fix(API): fix access token permissions by @wojcik91 in #145
- fix(API): prevent authorization_code reuse by @wojcik91 in #146
- multiple errors input floating popup by @filipslezaklab in #147
- fix(API): prevent 2FA bypass by yubikey by @wojcik91 in #148
- feat: make Webauthn RP ID config optional by @wojcik91 in #150
- fix(API): add yubikey provisioning permissions by @wojcik91 in #151
- fix(OpenID): ignore trailing slash in redirect URI by @wojcik91 in #152
- fix(API): restrict job status access by @wojcik91 in #153
- e2e workflow by @filipslezaklab in #149
- fix(API): update user device permissions by @wojcik91 in #154
- fix(Wireguard): prevent creating invalid devices by @wojcik91 in #155
- fix(web3): add nonce regeneration in auth flow by @wojcik91 in #156
- add loading state for async operations in wizard by @filipslezaklab in #159
- add network config validation by @filipslezaklab in #160
- fix: i18n type checking by @filipslezaklab in #162
- chore: update texts by @filipslezaklab in #164
- fix(auth): destroy session on logout by @wojcik91 in #163
- fix(oAuth): add missing state in oAuth response by @wojcik91 in #165
- chore: auth cookie samesite to strict by @filipslezaklab in #167
- fix: network config form validation by @filipslezaklab in #168
- fix: prevent log injection/manipulation by @wojcik91 in #166
Full Changelog: v0.4.13...v0.5.0