authboss v2.1.1 Release Notes

Release Date: 2018-12-10
  • 🔒 Security

    • 🛠 Fix a bug in the 2FA code: a client that failed to log in to a user account got SessionTOTPPendingPID set to that user's PID. The verify() method in the totp/sms methods used that PID for its lookup before it looked at the current user, so, because of the lookup order, the logged-in user could remove 2FA from the other user's account.
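
The lookup order described in this note, as an added example that is not authboss code: a simplified model in which the `session` struct, `resolveBefore`, `resolveAfter` and `remove2FA` are hypothetical names, and the "current user first" order is an assumed correction inferred from the note's wording.

```go
package main

import "fmt"

// Simplified model of the lookup order in the note; not authboss's real API.
type session struct {
	currentPID string // PID of the logged-in user, "" if none (hypothetical field)
	pendingPID string // stands in for the SessionTOTPPendingPID session value
}

// resolveBefore models the order the note describes: pending PID wins.
func resolveBefore(s session) string {
	if s.pendingPID != "" {
		return s.pendingPID
	}
	return s.currentPID
}

// resolveAfter is an assumed corrected order: the logged-in user wins, and the
// pending PID is used only when nobody is logged in (mid-login 2FA check).
func resolveAfter(s session) string {
	if s.currentPID != "" {
		return s.currentPID
	}
	return s.pendingPID
}

// remove2FA drops the TOTP secret of whichever account resolve selects and
// returns the affected PID.
func remove2FA(secrets map[string]string, s session, resolve func(session) string) string {
	pid := resolve(s)
	delete(secrets, pid)
	return pid
}

func main() {
	// Constructed state: "alice" is logged in; the same session also carries a
	// pending PID for "bob" left behind by a failed login attempt.
	s := session{currentPID: "alice", pendingPID: "bob"}

	before := map[string]string{"alice": "SECRET-A", "bob": "SECRET-B"}
	fmt.Println("before fix, 2FA removed from:", remove2FA(before, s, resolveBefore))

	after := map[string]string{"alice": "SECRET-A", "bob": "SECRET-B"}
	fmt.Println("after fix, 2FA removed from:", remove2FA(after, s, resolveAfter))
}
```

A regression test for this class of bug should build exactly this mixed state (an authenticated user plus a stale pending PID for a different account) and assert that only the authenticated user's 2FA settings change.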