Changelog for
ruby2.4-rubygem-devise-4.2.0-1.1.x86_64.rpm :
Sat Jul 2 14:00:00 2016 cooloAATTsuse.com
- updated to version 4.2.0
see installed CHANGELOG.md
[#]## Unreleased
[#]## 4.2.0 - 2016-07-01
* removals
* Remove the deprecated `Devise::ParameterSanitizer` API from Devise 3.
Please use the `#permit` and `#sanitize` methods over `#for`.
* Remove the deprecated OmniAuth URL helpers. Use the fully qualified helpers
(`user_facebook_omniauth_authorize_path`) over the scope based helpers
( `user_omniauth_authorize_path(:facebook)`).
* Remove the `Devise.bcrypt` method, use `Devise::Encryptor.digest` instead.
* Remove the `Devise::Models::Confirmable#confirm!` method, use `confirm` instead.
* Remove the `Devise::Models::Recoverable#reset_password!` method, use `reset_password` instead.
* Remove the `Devise::Models::Recoverable#after_password_reset` method.
* bug fixes
* Fix an `ActionDispatch::IllegalStateError` when testing controllers with Rails 5 rc 2(by AATThamadata).
* Use `ActiveSupport.on_load` hooks to include Devise on `ActiveRecord` and `Mongoid`,
avoiding autoloading these constants too soon (by AATTlucasmazza, AATTrafaelfranca).
* enhancements
* Display the minimum password length on `registrations/edit` view (by AATTYanchek99).
* You can disable Devise\'s routes reloading on boot by through the `reload_routes = false` config.
This can reduce the time taken to boot the application but it might trigger
some errors if you application (mostly your controllers) requires that
Devise mappings be loaded during boot time (by AATTsidonath).
* Added `Devise::Test::IntegrationHelpers` to bypass the sign in process using
Warden test API (by AATTlucasmazza).
* Define `inspect` in `Devise::Models::Authenticatable` to help ensure password hashes
aren\'t included in exceptions or otherwise accidentally serialized (by AATTtkrajcar).
* Add missing support of `Rails.application.config.action_controller.relative_url_root` (by AATTkosdiamantis).
* deprecations
* `Devise::TestHelpers` is deprecated in favor of `Devise::Test::ControllerHelpers`
(by AATTlucasmazza).
* The `sign_in` test helper has changed to use keyword arguments when passing
a scope. `sign_in :admin, users(:alice)` should be rewritten as
`sign_in users(:alice), scope: :admin` (by AATTlucasmazza).
* The option `bypass` of `Devise::Controllers::SignInOut#sign_in` method is
deprecated in favor of `Devise::Controllers::SignInOut#bypass_sign_in`
method (by AATTulissesalmeida).
Sat May 21 14:00:00 2016 cooloAATTsuse.com
- updated to version 4.1.1
see installed CHANGELOG.md
Tue Apr 19 14:00:00 2016 cooloAATTsuse.com
- updated to version 4.0.0
see installed CHANGELOG.md
Tue Feb 2 13:00:00 2016 cooloAATTsuse.com
- updated to version 3.5.6
see installed CHANGELOG.md
[#]## 3.5.6 - 2016-01-02
* bug fixes
* Fix type coercion of the rememberable timestamp stored on cookies.
Mon Jan 25 13:00:00 2016 cooloAATTsuse.com
- updated to version 3.5.5
see installed CHANGELOG.md
[#]## 3.5.5 - 2016-22-01
* bug fixes
* Bring back remember_expired? implementation
* Ensure timeouts are not triggered if remember me is being used
Thu Jan 21 13:00:00 2016 cooloAATTsuse.com
- updated to version 3.5.4
see installed CHANGELOG.md
Sat Dec 12 13:00:00 2015 cooloAATTsuse.com
- updated to version 3.5.3
see installed CHANGELOG.md
[#]## Unreleased
[#]## 3.5.3 - 2015-12-10
* bug fixes
* Fix password reset for records where `confirmation_required?` is disabled and
`confirmation_sent_at` is nil. (by AATTandygeers)
* Allow resources with no `email` field to be recoverable (and do not clear the
reset password token if the model was already persisted). (by AATTseddy, AATTstanhu)
* enhancements
* Upon setting `Devise.send_password_change_notification = true` a user will receive notification when their password has been changed.
Tue Aug 11 14:00:00 2015 cooloAATTsuse.com
- updated to version 3.5.2
see installed CHANGELOG.md
[#]## 3.5.2 - 2015-08-10
* enhancements
* Perform case insensitive basic authorization matching
* Big fixes
* Do not use digests for password confirmation token
* Fix infinite redirect in Rails 4.2 authenticated routes
* Autoload Devise::Encryptor to avoid errors on thread-safe mode
Thu May 28 14:00:00 2015 cooloAATTsuse.com
- updated to version 3.5.1
see installed CHANGELOG.md
Tue Feb 10 13:00:00 2015 cooloAATTsuse.com
- updated to version 3.4.1
Mon Oct 13 14:00:00 2014 cooloAATTsuse.com
- adapt to new rubygem packaging
Tue Mar 18 13:00:00 2014 cooloAATTsuse.com
- updated to version 3.2.4
* enchancements
* `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86.
* View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by AATTkayline)
Sat Feb 22 13:00:00 2014 cooloAATTsuse.com
- updated to version 3.2.3
* enhancements
* Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`.
You can change this and use your own secret by changing the `devise.rb` initializer.
* bug fix
* Migrations will be properly generated when using rails 4.1.0.
Tue Nov 26 13:00:00 2013 cooloAATTsuse.com
- updated to version 3.2.2
* bug fix
* Ensure timeoutable works when `sign_out_all_scopes` is false (by AATTlouman)
* Keep the query string when storing location (by AATTcsexton)
* Require rails generator base class in devise generators
Fri Nov 22 13:00:00 2013 cooloAATTsuse.com
- updated to version 3.2.1
Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode
* enhancements
* Add `store_location_for` helper and ensure it is safe (by AATTmatthewrudy and AATThomakov)
* Add `yield` around resource methods in Devise controllers (by AATTedelpero)
* bug fix
* Bring `password_digest` back to fix compatibility with `devise-encryptable`
* Avoid e-mail enumeration on sign in when in paranoid mode
[#]## 3.2.0
* enhancements
* Previously deprecated token authenticatable and insecure lookups have been removed
* Add a class method so you can encrypt passwords from fixtures (by AATTtenderlove)
* Send custom message when user enters invalid password and it has only one attempt
to enter correct password before his account will be locked (by AATTLightpower)
* Prevent mutation of values assigned to case and whitespace santitized members (by AATTiamvery)
* Separate redirects and flash messages in `navigational_formats` and `flashing_formats` (by AATTssendev)
* bug fix
* A GET to sign_in page shouldn\'t extend the session (by AATTdrewish)
* Splat the arguments to `strong_parameters#permit` to work around a limitation in the `strong_parameters` gem (by AATTmemberful)
* Omniauth now uses `mapping.fullpath` when generating routes. This means if you call `devise_for :users` inside a scope, like `scope \"/api\"`, the scope will now apply to the omniauth route (by AATTAlexanderZaytsev)
* Ensure timeoutable hook respects `Devise.sign_out_all_scopes` configuration
* deprecations
* `expire_session_data_after_sign_in!` has been deprecated in favor of `expire_data_after_sign_in!`
Fri Oct 4 14:00:00 2013 cooloAATTsuse.com
- updated to version 3.1.1
* bug fix
* Improve default message which asked users to sign in even when they were already signed (by AATTgregates)
* Improve error message for when the `config.secret_key` is missing
Sat Sep 7 14:00:00 2013 cooloAATTsuse.com
- updated to version 3.1.0
Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/
* backwards incompatible changes
* Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_tokens_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration
* The Devise mailer and its views were changed to explicitly receive a token argument as `AATTtoken`. You will need to update your mailers and re-copy the views to your application with `rails g devise:views`
* Sanitization of parameters should be done by calling `devise_parameter_sanitizer.sanitize(:action)` instead of `devise_parameter_sanitizer.for(:action)`
* deprecations
* Token authentication is deprecated
* enhancements
* Better security defaults
* Allow easier customization of parameter sanitizer (by AATTalexpeattie)
* bug fix
* Do not confirm e-mail after password reset (by AATTmoll)
* Do not sign in after confirmation
* Do not store confirmation, unlock and reset password tokens directly in the database
* Do not compare directly against confirmation, unlock and reset password tokens
* Skip storage for cookies on unverified requests
Mon Aug 26 14:00:00 2013 cooloAATTsuse.com
- updated to version 3.0.3
== 3.0.3
* bug fix
* Do not confirm account after reset password
== 3.0.2
* bug fix
* Skip storage for cookies on unverified requests
== 3.0.1
Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/
Tue Aug 6 14:00:00 2013 cooloAATTsuse.com
- updated to version 3.0.1
* enhancements
* Add after_confirmation callback
* bug fix
* When using rails 3.2, the generator adds \'attr_accessible\' to the model (by AATTjcoyne)
* Clean up CSRF token after authentication (by AATThomakov). Notice this change will clean up the CSRF Token after authentication
(sign in, sign up, etc). So if you are using AJAX for such features, you will need to fetch a new CSRF token from the server.
Sun Jul 21 14:00:00 2013 cooloAATTsuse.com
- updated to version 3.0.0
* enhancements
* Rails 4 and Strong Parameters compatibility (by AATTcarlosantoniodasilva, AATTjosevalim, AATTlatortuga, AATTlucasmazza, AATTnashby, AATTrafaelfranca, AATTspastorino)
* Drop support for Rails < 3.2 and Ruby < 1.9.3
* Enable to skip sending reconfirmation email when reconfirmable is on and skip_confirmation_notification! is invoked (by AATTtkhr)
* bug fix
* Errors on unlock are now properly reflected on the first `unlock_keys`
Wed May 8 14:00:00 2013 cooloAATTsuse.com
- updated to version 2.2.4
* enhancements
* Add `destroy_with_password` to `DatabaseAuthenticatable`. Allows destroying a record when `:current_password` matches, similarly to how `update_with_password` works. (by AATTmich
iel3)
* Allow to override path after password resetting (by AATTworker8)
* Add `#skip_confirmation_notification!` method to `Confirmable`. Allows skipping confirmation email without auto-confirming. (by AATTgregates)
* allow_unconfirmed_access_for config from `:confirmable` module can be set to `nil` that means unconfirmed access for unlimited time. (by AATTnashby)
* Support Rails\' token strategy on authentication (by AATTrobhurring)
* Support explicitly setting the http authentication key via `config.http_authentication_key` (by AATTneo)
* bug fix
* Do not redirect when accessing devise API via JSON. (by AATTsebastianwr)
* Generating scoped devise views now uses the correct scoped shared links partial instead of the default devise one (by AATTnashby)
* Fix inheriting mailer templates from `Devise::Mailer`
* Fix a bug when procs are used as default mailer in Devise (by AATTtomasv)
Thu Feb 7 13:00:00 2013 lslezakAATTsuse.cz
- updated to version 2.2.3
* fixed security issue (wrong records may be read when sending
specifically crafted requests) (bnc#800955)
Thu Jan 24 13:00:00 2013 cooloAATTsuse.com
- updated to version 2.2.2
* bug fix
* Fix bug when checking for reconfirmable in templates
* bug fix
* Fix regression with case_insensitive_keys
* Fix regression when password is blank when it is invalid
Fri Aug 31 14:00:00 2012 cooloAATTsuse.com
- update to 2.1.2, see CHANGELOG.md
Thu May 31 14:00:00 2012 lslezakAATTsuse.cz
- updated to 1.5.3
Fri Jun 11 14:00:00 2010 mrueckertAATTsuse.de
- update to version 1.0.7
* Ensure password confirmation is always required
* authenticatable was deprecated and renamed to
database_authenticatable
* confirmable is not included by default on generation
Fri Jun 11 14:00:00 2010 mrueckertAATTsuse.de
- use rubygems_requires macro
Mon Apr 12 14:00:00 2010 mrueckertAATTsuse.de
- initial package