discourse

mirror of https://github.com/discourse/discourse.git synced 2025-02-16 18:24:52 -06:00

History

Penar Musaraj 974b3a2a6f DEV: Do not require session confirmation for new users (#24799 ) When making sensitive changes to an account (adding 2FA or passkeys), we require users to confirm their password. This is to prevent an attacker from adding 2FA to an account they have access to. However, on newly created accounts, we should not require this, it's an extra step and it doesn't provide extra security (since the account was just created). This commit makes it so that we don't require session confirmation for accounts created less than 5 minutes ago.		2024-02-15 12:29:16 -05:00
..
assets	UX: clean up some label and form inconsistencies, reduce excess bolding (#25701 )	2024-02-15 11:27:51 -05:00
controllers	DEV: Do not require session confirmation for new users (#24799 )	2024-02-15 12:29:16 -05:00
helpers	SECURITY: Properly escape user content within `<noscript>`	2024-01-30 09:10:09 -07:00
jobs	DEV: Drop deprecated Badge#image column (#25536 )	2024-02-02 14:09:55 +08:00
mailers	FIX: Add higher read & open timeouts for group SMTP emails (#24593 )	2023-11-28 15:32:59 +10:00
models	PERF: Pass the `-ping` option to the `identify` ImageMagick command to speed it up (#25697 )	2024-02-15 18:55:39 +03:00
serializers	FIX: serialize can_ignore_users (#25672 )	2024-02-14 15:17:19 +11:00
services	DEV: Drop distributed mutex from`SidebarSiteSettingsBackfiller#backfill!` (#25674 )	2024-02-15 06:21:03 +08:00
views	removed broken link and comments from no_index.erb (#25648 )	2024-02-14 12:09:24 +08:00