775ac7b58c
you must login with an BTP account in order to see the app
2.3 KiB
2.3 KiB
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Unreleased
0.6.0 - 2022-05-20
Security
- Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).
0.5.3 - 2022-05-16
Fixed
initialize()
middleware extends request withlogin()
,logIn()
,logout()
,logOut()
,isAuthenticated()
, andisUnauthenticated()
functions again, reverting change from 0.5.1.
0.5.2 - 2021-12-16
Fixed
- Introduced a compatibility layer for strategies that depend directly on
passport@0.4.x
or earlier (such aspassport-azure-ad
), which were broken by the removal of private variables inpassport@0.5.1
.
0.5.1 - 2021-12-15
Added
- Informative error message in session strategy if session support is not available.
Changed
authenticate()
middleware, rather thaninitialize()
middleware, extends request withlogin()
,logIn()
,logout()
,logOut()
,isAuthenticated()
, andisUnauthenticated()
functions.
[0.5.0] - 2021-09-23
Changed
initialize()
middleware extends request withlogin()
,logIn()
,logout()
,logOut()
,isAuthenticated()
, andisUnauthenticated()
functions.
Removed
login()
,logIn()
,logout()
,logOut()
,isAuthenticated()
, andisUnauthenticated()
functions no longer added tohttp.IncomingMessage.prototype
.
Fixed
userProperty
option toinitialize()
middleware only affects the current request, rather than all requests processed via singleton Passport instance, eliminating a race condition in situations whereinitialize()
middleware is used multiple times in an application withuserProperty
set to different values.