Releases: SeaweedbrainCY/zero-totp
b6.0.0
This is a security release
- CVE-2025-24010 fixed
What's Changed
- Upgrade to bulma v1 and add dark theme by @SeaweedbrainCY in #160
- Add dark theme, upgrade to bulma 1 and Angular 19 by @SeaweedbrainCY in #162
- Add changelog for b6.0.0 by @SeaweedbrainCY in #163
Full Changelog: b5.2.0...b6.0.0
b5.2.0
b5.1.0
What's Changed
- Add import vault feature by @SeaweedbrainCY in #154
- Bump jinja2 from 3.1.4 to 3.1.5 in /api by @dependabot in #155
- Feat: import vault by @SeaweedbrainCY in #156
Full Changelog: b5.0.0...b5.1.0
b5.0.0
This is a major beta release with important security improvements
- Remove Admin dashboard as it is now the role of Zero-TOTP admin, from frontend and API endpoints.
- Fix GHSA-59g5-xgcq-4qw3
- Sessions are now based on tokens instead of JWT. This improves the global security of the application by reducing the attack surface created by JWT and enabling far better session management, with session revocation
- Fix 2 low security weaknesses by not giving the frontend the choice of a secret uuid and enforcing db-side the uniqueness of the user's unique properties (username, email, token, etc.)
- Improve overall logging
- Fix the issue causing the detection of user's remote IP to fail while verifying the session
b4.1.1
What's Changed
- Bump werkzeug from 3.0.3 to 3.0.6 in /api by @dependabot in #145
- Add refresh token feature and expand the duration of the open vault by @SeaweedbrainCY in #147
- Add refresh token to decrease JWT lifetime and increase session lifetime by @SeaweedbrainCY in #148
- Fix generic creds error message by @SeaweedbrainCY in #149
Full Changelog: b4.0.1...b4.1.1
b4.0.1
What's Changed
- Bump starlette from 0.36.2 to 0.40.0 in /api by @dependabot in #140
- Add PWA capabilities to Zero-TOTP by @SeaweedbrainCY in #141
- Add Zero-TOTP PWA by @SeaweedbrainCY in #142
- Bump cookie and socket.io in /frontend by @dependabot in #143
- Fix duckduckgo icon loading due to service worker and fix CVE-2024-47764 by @SeaweedbrainCY in #144
Full Changelog: b3.1.0...b4.0.1
b3.1.0
What's Changed
- Add custom session timeout up to 1h by @SeaweedbrainCY in #138
- Upgrade to Angular 18
Full Changelog: b3.0.3...b3.1.0
Beta 3.0.3
What's Changed
- This is an important release that brings a lot of under-the-hood changes to Zero-TOTP. We have made a lot of changes to the codebase to make it more maintainable and to prepare it for the future.
- Zero-TOTP is now present in Switzerland and Germany alongside Canada to improve the data redundancy.
- Zero-TOTP is now far more reliable with a better load balancing and a better failover system.
- The security of how Zero-TOTP communicates with its API and how the API handles each client has been reviewed to be more efficient and more strict.
- Zero-TOTP is more reliable, resilient and secure than ever.
What's fixed:
- The issue causing some backend requests to fail while opening the vault has been definitively fixed by a design improvement.
- Update of our dependencies to fix 1 moderate CVE.
- The issue causing the French translation to come a bit after the page load has been fixed.
- Some error messages have been improved to be more user-friendly.
Full Changelog: b2.11.3...b3.0.3
Beta 2.11.3
What's Changed
- Bump flask-cors from 4.0.1 to 5.0.0 in /api by @dependabot in #122
- Bump cryptography from 42.0.5 to 43.0.1 in /api by @dependabot in #123
- Fix CVE-2024-6221 && CWE-1395 by @SeaweedbrainCY in #124
Full Changelog: b2.11.2...b2.11.3
b2.11.2
What's Changed
- CVEs fix by @SeaweedbrainCY in #111
- Bump ws and socket.io-adapter in /frontend by @dependabot in #112
- Fix a bug preventing the passphrase from being updated by @SeaweedbrainCY in #113
- Bump zipp from 3.17.0 to 3.19.1 in /api by @dependabot in #114
- Move db model from code to a shared package by @SeaweedbrainCY in #116
- Bump sentry-sdk from 1.39.2 to 2.8.0 in /api by @dependabot in #117
- Use shared model and fix vuln by @SeaweedbrainCY in #118
- Remove flask alembic and use alembic instead by @SeaweedbrainCY in #119
- Add db check before starting API by @SeaweedbrainCY in #120
- Add 3rd replication node, add notification feature, modification of migration process by @SeaweedbrainCY in #121
Full Changelog: b2.10.5...b2.11.2