Skip to content
This repository has been archived by the owner on Oct 11, 2022. It is now read-only.

v2.4.69

Compare
Choose a tag to compare
@brianlovin brianlovin released this 17 Nov 20:04
· 2881 commits to production since this release
aa7a732
  • enforces use of hsts and ssl on the api #4257
  • adds whitelist of subdomains allowed cors access #4258
  • updates yarn lock files to only have https registries, updates debug package #4252
  • fixes authorization bug that could allow a moderator to block a community owner #4254
  • fixes an insecure isSpectrumUrl check #4256
  • switches shortid to uuid/v4 for more secure token generation #4255
  • uses built-in passport.logout() method to handle session destruction #4253
  • fixes copy in login flow to make it clear that joining accepts the tos, privacy policy, and code of conduct #4248
  • adds lastAcceptedTerms date field to user model, backfills old users via migration #4248