Releases
1.8.0
Secrets are now hidden by default in the admin panel.
Now the version is shown in the top right corner of the admin page.
Read only settings are also shown in the admin panel, but not editable.
Added option to admin panel to force resync users, useful after restoring an old backup.
Implemented multiple U2F support, with custom names and compromised checks.
Emails now also include an HTML version next to the plaintext version. It's up to the email clients which one to show now.
Updated vault to 2.9.0
Implemented constant time comparison for admin password and two factor remember and recover tokens.
Added more config options:
Icon download timeout
Hide routes mount points, enabled by default
Disable WAL (not recommended, only for network filesystems that have problems with WAL enabled)
Disable Admin token (unsafe, only use when behind another authentication scheme).
Use wrapped TLS for email, when STARTTLS doesn't work.
Icon downloader domain blacklist, to block anything that might be sensitive, lik other servers in the local network.
Updated dependencies and fixed minor bugs
You can’t perform that action at this time.