This release improves the overall security of logins in Password Pusher. Details below.
With this release, all pre-existing login sessions will end and users will have to log in again.
The improvements are:
- "Remember me" now only remembers for 1 week
- Login passwords must now be 10 to 128 characters long (previously 6 to 128); pre-existing login passwords are unaffected
- Login sessions now expire after 2 hours of inactivity
- Cookie serialization is now done via JSON to fix https://github.com/pglombardo/PasswordPusher/security/code-scanning/1
Because Password Pusher is a security product dealing with sensitive information, these changes are appropriate.
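As an added illustration of the cookie serialization item (not code from Password Pusher), the Ruby sketch below contrasts a Marshal-based cookie serializer with a JSON one, and shows why cookies written in the old format stop being readable. It assumes the previous serializer was Ruby's Marshal, which these notes do not state; `Probe` and the helper functions are hypothetical names.

```ruby
require "json"
require "base64"

# Hypothetical class standing in for any class loaded in the application.
class Probe
  class << self; attr_accessor :revived; end
  self.revived = 0
  def marshal_dump; "state"; end
  # Marshal.load calls this hook while rebuilding the object from cookie bytes.
  def marshal_load(_state); Probe.revived += 1; end
end

# Constructed stand-ins for a cookie serializer. Real frameworks also sign or
# encrypt the value, which protects it only while the signing key stays secret.
def encode_marshal(value); Base64.strict_encode64(Marshal.dump(value)); end
def decode_marshal(cookie); Marshal.load(Base64.strict_decode64(cookie)); end
def encode_json(value); Base64.strict_encode64(JSON.generate(value)); end
def decode_json(cookie); JSON.parse(Base64.strict_decode64(cookie)); end

# True when the value holds only JSON's own types and no application objects.
def plain_data?(obj)
  case obj
  when Hash  then obj.all? { |k, v| k.is_a?(String) && plain_data?(v) }
  when Array then obj.all? { |v| plain_data?(v) }
  else [String, Integer, Float, TrueClass, FalseClass, NilClass].any? { |t| obj.is_a?(t) }
  end
end

# A cookie written by the Marshal serializer is not valid JSON, so a JSON-only
# reader rejects it and the session it carried cannot be restored.
def json_readable?(cookie)
  decode_json(cookie)
  true
rescue JSON::ParserError
  false
end

if __FILE__ == $PROGRAM_NAME
  session = { "user_id" => 42, "remember" => true } # constructed sample data
  puts "JSON round trip is plain data: #{plain_data?(decode_json(encode_json(session)))}"
  revived = decode_marshal(encode_marshal({ "user_id" => 42, "extra" => Probe.new }))
  puts "Marshal result is plain data: #{plain_data?(revived)}, hook calls: #{Probe.revived}"
  puts "Old-format cookie readable as JSON: #{json_readable?(encode_marshal(session))}"
end
```

With a JSON serializer the decoded cookie can only ever be hashes, arrays, strings, numbers, booleans and nil, so no application class is instantiated while reading it.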
📝 What’s Changed
- Improved Login Security (#2731) @pglombardo
- Security: Use json for cookie serialization (#2720) @pglombardo
⬆️ Dependency updates
- ⬆️ Bump rubocop-ast from 1.33.0 to 1.34.0 (#2730) @dependabot
- ⬆️ Bump date from 3.3.4 to 3.4.0 (#2729) @dependabot
- ⬆️ Bump aws-partitions from 1.1000.0 to 1.1001.0 (#2728) @dependabot
- ⬆️ Bump rackup from 2.1.0 to 2.2.0 (#2725) @dependabot
- ⬆️ Bump debase from 0.2.5.beta2 to 0.2.6 (#2724) @dependabot
- ⬆️ Bump oj from 3.16.6 to 3.16.7 (#2722) @dependabot
- ⬆️ Bump google-apis-iamcredentials_v1 from 0.21.0 to 0.22.0 (#2723) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.47.5
...and go to http://localhost:5100