-
Security fix: escape the U2F key value when doing the key lookup in database during login. Props @mjangda from WordPress VIP. See #351.
-
New feature: invalidate email tokens 15 minutes after they were generated. Use the
two_factor_token_ttlfilter to override this time-to-live interval. See #352. -
Document some of the available filters.