Skip to content

v7.2.0

Compare
Choose a tag to compare
@mcollina mcollina released this 03 Jul 09:52
· 53 commits to master since this release
b97cc9d

Full Changelog: v7.1.1...v7.2.0

⚠️ Security Release ⚠️

This release fixes CVE-2023-31999 GHSA-g8x5-p9qc-cf95.

v7.2.0 changes the default behavior to store the OAuth2 state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user.

Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object.