
v1.6.18

@pilinux pilinux released this 11 Sep 10:39
· 202 commits to main since this release
e4da0ae

major update with full backward compatibility

  • option to save user emails in encrypted form at rest
    by setting ACTIVATE_CIPHER=yes and adding a random
    secret to CIPHER_KEY. Existing accounts keep working:
    the auth functionality still behaves as before. Once
    encryption at rest is enabled and a new user account
    has been registered, it is no longer possible to
    downgrade to the insecure plaintext mode.

  • option to harden the SHA-based hashing algorithm for
    2FA by setting TWO_FA_DOUBLE_HASH=yes.

  • optionally use the secret BLAKE2B_SECRET for keyed
    blake2b hashing.

  • if ACTIVATE_CIPHER=yes, ChaCha20-Poly1305 (256-bit)
    is used for email encryption.

  • for 2FA keys, AES-256 is used as before.

  • a new controller and services are included to generate
    backup codes for 2FA.

  • improved Go documentation (go doc).
