This repository has been archived by the owner on Oct 11, 2022. It is now read-only.
v2.4.69
brianlovin released this 17 Nov 20:04 · 2881 commits to production since this release
- enforces use of `hsts` and `ssl` on the api #4257
- adds whitelist of subdomains allowed cors access #4258
- updates yarn lock files to only have `https` registries, updates `debug` package #4252
- fixes authorization bug that could allow a moderator to block a community owner #4254
- fixes an insecure `isSpectrumUrl` check #4256
- switches `shortid` to `uuid/v4` for more secure token generation #4255
- uses built-in `passport.logout()` method to handle session destruction #4253
- fixes copy in login flow to make it clear that joining accepts the tos, privacy policy, and code of conduct #4248
- adds `lastAcceptedTerms` date field to user model, backfills old users via migration #4248