Merge branch 'release/v0.7.14' into feature/react

2019-06-22 12:28:44 -07:00 · 2019-06-22 12:28:44 -07:00 · 56640253b9
commit 56640253b9
parent 2a626a3e1f c38f78df84
16 changed files with 178 additions and 59 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,21 @@ This file is a running track of new features and fixes to each version of the pa

 This project follows [Semantic Versioning](http://semver.org) guidelines.

+## v0.7.14 (Derelict Dermodactylus)
+### Fixed
+* **[SECURITY]** Fixes an XSS vulnerability when performing certain actions in the file manager.
+* **[SECURITY]** Attempting to login as a user who has 2FA enabled will no longer request the 2FA token before validating
+that their password is correct. This closes a user existence leak that would expose that an account exists if
+it had 2FA enabled.
+
+### Changed
+* Support for setting a node to listen on ports lower than 1024.
+* QR code URLs are now generated without the use of an external library to reduce the dependency tree.
+* Regenerated database passwords now respect the same settings that were used when initially created.
+* Cleaned up 2FA QR code generation to use a more up-to-date library and API.
+* Console charts now properly start at 0 and scale based on server configuration. No more crazy spikes that
+are due to a change of one unit.
+
 ## v0.7.13 (Derelict Dermodactylus)
 ### Fixed
 * Fixes a bug with the location update API endpoint throwing an error due to an unexected response value.