|
2 | 2 |
|
3 | 3 | ---
|
4 | 4 |
|
| 5 | +### 9.0.0 (April 12, 2025) |
| 6 | + |
| 7 | +New Features |
| 8 | + |
| 9 | +- Introduced "Logout Everywhere" functionality for enhanced security (Thanks to @vimark1). |
| 10 | +- Added support for Google Analytics 4, Facebook Pixel, and Open Graph metadata. |
| 11 | + |
| 12 | +Enhancements |
| 13 | + |
| 14 | +- Removed unnecessary session saves for uninitialized sessions. |
| 15 | +- Cleaned up GitHub Actions by removing unnecessary CodeQL references. |
| 16 | +- Updated documentation for improved clarity and relevance. |
| 17 | +- Optimized Dockerfile and updated Docker image for better performance (Thanks to @akarys2304). |
| 18 | +- Replaced favicon.png with favicon.ico to match browser default requests. |
| 19 | +- Added Apple touch icons. |
| 20 | +- Refactored Nodemailer calls into config/nodemailer.js for unified security and configuration settings. |
| 21 | +- Removed redundant installation of body-parser, now included with ExpressJS. |
| 22 | +- Renamed getValidateReCAPTCHA to validateReCAPTCHA for better clarity. |
| 23 | +- Adopted Prettier for consistent code formatting. |
| 24 | +- Suppressed unactionable Sass import deprecation warnings. |
| 25 | +- Renamed handleOAuth2Callback to saveOAuth2UserTokens for clarity. |
| 26 | + |
| 27 | +Security Updates |
| 28 | + |
| 29 | +- Addressed Host-header Injection vulnerability in Password Reset & Email Verification (CVE-2025-29036). |
| 30 | +- Added upload size limit for Multer and moved its configuration to api.js. |
| 31 | +- Replaced MD5 with SHA256 for Gravatar generation. |
| 32 | + |
| 33 | +Bug Fixes |
| 34 | + |
| 35 | +- Updated to the latest HERE Maps API as the prior API version calls were no longer working. |
| 36 | +- Corrected the path for popper.js. |
| 37 | +- Fixed pre-commit test and lint execution. |
| 38 | +- Updated the default privacy policy to comply with Facebook terms and other regulations. |
| 39 | +- Improved OAuth2 token handling logic: |
| 40 | + - Properly save tokens without expiration dates. |
| 41 | + - Consolidated token-saving logic across all providers to fix multiple issues. |
| 42 | + - Prevented infinite redirect loops in isAuthorized during failed token refresh attempts. |
| 43 | + |
| 44 | +Chore & Maintenance |
| 45 | + |
| 46 | +- [Breaking] Upgraded to Express 5.x. |
| 47 | +- [Breaking] Migrated from axios to Node.js's built-in fetch, reducing dependencies and improving performance. |
| 48 | +- Switched from the deprecated nyc to c8 for code coverage reporting. |
| 49 | +- Updated all dependencies. |
| 50 | + |
| 51 | +Tests |
| 52 | + |
| 53 | +- Added unit tests for isAuthorized and saveOAuth2UserTokens in config/passport.js. |
| 54 | +- Fixed unit tests for app.js. |
| 55 | + |
5 | 56 | ### 8.1.0 (February 1, 2025)
|
6 | 57 |
|
7 | 58 | Security Enhancements
|
|
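Review bot: The "Security Updates" entry for CVE-2025-29036 says the Host-header Injection in Password Reset & Email Verification was "Addressed", but it does not say which earlier releases are affected or whether upgrading to 9.0.0 is sufficient on its own. Suggest adding a sentence that names the affected versions and states any configuration a deployer must set after upgrading, so that operators of 8.x can judge their exposure from the changelog alone. Separately, the two "[Breaking]" entries (Express 5.x, axios to fetch) sit at the bottom under "Chore & Maintenance" with no migration pointers; consider moving them to the top of the 9.0.0 section or linking to upgrade notes.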