v7.2.0
Full Changelog: v7.1.1...v7.2.0
⚠️ Security Release ⚠️
This release fixes CVE-2023-31999 GHSA-g8x5-p9qc-cf95.
v7.2.0 changes the default behavior to store the OAuth2 state in a cookie with the http-only and same-site=lax attributes set. The state is now generated for every user by default.
Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object.
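The pattern described above, sketched as an added example (not code from this project): a fresh state per authorization attempt, stored in an HttpOnly, SameSite=Lax cookie, and checked against the callback's state parameter using the full request. The cookie name, the function names and the request shape (query, headers.cookie) are assumptions for illustration and are not the library's API.

```javascript
// Added example; all names below are hypothetical, not the library's API.
const nodeCrypto = require('node:crypto');

const STATE_COOKIE = 'oauth2-state-example'; // hypothetical cookie name

// Generate a fresh, unpredictable state for each authorization attempt,
// so no two users (or two attempts) ever share a value.
function newState() {
  return nodeCrypto.randomBytes(16).toString('base64url');
}

// Build the Set-Cookie value with the attributes named in the release note.
function stateCookieHeader(state) {
  return `${STATE_COOKIE}=${state}; Path=/; HttpOnly; SameSite=Lax`;
}

// Parse a Cookie request header into a name -> value map.
function parseCookies(header = '') {
  const out = Object.create(null);
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Callback check. It needs the full request, because it compares the
// state query parameter with the state cookie sent by the same browser.
function checkState(request) {
  const returned = request.query && request.query.state;
  const stored = parseCookies(request.headers.cookie)[STATE_COOKIE];
  if (typeof returned !== 'string' || typeof stored !== 'string') return false;
  const a = Buffer.from(returned);
  const b = Buffer.from(stored);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}
```

A callback whose state parameter does not match the cookie, or that arrives without the cookie, is rejected before any authorization code is exchanged.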