Releases: SeaweedbrainCY/zero-totp

b5.0.0

05 Dec 03:29
98ee2a5

This is a major beta release with important security improvements.

  • Remove the Admin dashboard from the frontend and API endpoints, as it is now the role of Zero-TOTP admin.
  • Fix GHSA-59g5-xgcq-4qw3
  • Sessions are now based on tokens instead of JWTs. This improves the overall security of the application by reducing the attack surface created by JWT and by enabling far better session management, with session revocation.
  • Fix 2 low-severity security weaknesses by no longer giving the frontend the choice of a secret UUID and by enforcing, on the database side, the uniqueness of a user's unique properties (username, email, token, etc.).
  • Improve overall logging
  • Fix the issue causing the detection of the user's remote IP to fail while verifying the session

b4.1.1

17 Nov 16:40
16c8dcf

What's Changed

Full Changelog: b4.0.1...b4.1.1

b4.0.1

01 Nov 23:59
30d6fe4

What's Changed

Full Changelog: b3.1.0...b4.0.1

b3.1.0

08 Oct 03:22
24d4814

What's Changed

Full Changelog: b3.0.3...b3.1.0

Beta 3.0.3

06 Oct 03:31
d643fc0

What's Changed

  • This is an important release that brings a lot of under-the-hood changes to Zero-TOTP. We have made a lot of changes to the codebase to make it more maintainable and to prepare it for the future.
  • Zero-TOTP is now present in Switzerland and Germany alongside Canada to improve data redundancy.
  • Zero-TOTP is now far more reliable, with better load balancing and a better failover system.
  • The security of how Zero-TOTP communicates with its API and how the API handles each client has been reviewed to be more efficient and more strict.
  • Zero-TOTP is more reliable, resilient and secure than ever.

What's fixed:

  • The issue causing some backend requests to fail while opening the vault has been definitively fixed by a design improvement.
  • Update of our dependencies to fix 1 moderate CVE.
  • The issue causing the French translation to appear slightly after the page load has been fixed.
  • Some error messages have been improved to be more user-friendly.

Full Changelog: b2.11.3...b3.0.3

Beta 2.11.3

04 Sep 01:48
f0fde2d

What's Changed

Full Changelog: b2.11.2...b2.11.3

b2.11.2

03 Sep 03:55
0608b4b

What's Changed

Full Changelog: b2.10.5...b2.11.2

Beta 2.10.5

20 Jun 23:23
5f85716

What's Changed

Full Changelog: b2.10.2...b2.10.5

Beta 2.10.2

11 Jun 20:33
4263a73

What's Changed

Full Changelog: b2.10.1...b2.10.2

Beta 2.10.1

28 May 01:45
3def6c6

What's Changed

  • Make the pipeline fail on semgrep findings
  • Remove or whitelist all semgrep findings
  • Remove the last call to the Buy Me a Coffee CDN, leaving Zero-TOTP completely free of any external call (except to the DuckDuckGo API for favicons, if the user consents)
  • Improve the SSE key rotation script
  • Improve the frontend with more loading animations when the network is slow
  • When the user adds a tag, they can now choose among the ones already registered on other secrets

Full Changelog: b2.10...b2.10.1