v1.25.2 - 2025-01-10
- [1.x] Use
retrieveByCredentials()
on the User Provider instead of a hardcoded Eloquent query by @pascalbaljet in #582 - Changed migration of users table by @aronbeurskens in #586
v1.25.1 - 2024-11-27
- Replace implicitly nullable parameters for PHP 8.4 by @JeppeKnockaert in #580
v1.25.0 - 2024-11-21
v1.24.5 - 2024-11-12
- [1.x] Supports PHP 8.4 by @crynobone in #576
v1.24.4 - 2024-10-29
- Rename
POST
routes to avoid regression bugs by @cima-alfa in #574
v1.24.3 - 2024-10-18
- Update logo to support dark/light theme by @milewski in #569
- Fix unnamed routes when views are disabled (with original code formatting) by @cima-alfa in #571
v1.24.2 - 2024-09-16
- Adding context length configuration for 2FA to ensure better security standards by @MattLoyeD in #568
v1.24.1 - 2024-09-03
- [1.x] Add
X-Retry-After
to/user/confirm-password/status
response by @crynobone in #565
v1.24.0 - 2024-08-20
- [1.x] Support case insensitive password resets by @mattmcdonald-uk in #562
- Dispatch RecoveryCodeReplaced Event by @stephenjude in #564
v1.23.0 - 2024-08-02
- Fire ValidTwoFactorAuthenticationCodeProvided Event when 2FA session is authenticated by @stefanzweifel in #559
v1.22.0 - 2024-07-22
- [1.x] Rehash password if required when user uses two factor by @gdebrauwer in #557
- [1.x] Add TwoFactorAuthenticationFailed event by @antergos98 in #558
v1.21.5 - 2024-07-04
- [1.x] Allow
redirect()->intended()
responses to be resolved via the Container by @crynobone in #551
v1.21.4 - 2024-06-27
- [1.x] Use available
$name
property fromSessionGuard
if the value exists by @crynobone in #553
v1.21.3 - 2024-05-08
- [1.x] Ensure logout route is authenticated by @timacdonald in #536
v1.21.2 - 2024-04-25
- [1.x] Bacon QR 3.0 support by @eshimischi in #534
v1.21.1 - 2024-03-19
- Specify return type array type by @santigarcor in #525
- [1.x] Make commands lazy by @timacdonald in #527
v1.21.0 - 2024-03-08
- [1.x] Adds
fortify:install
Artisan command by @nunomaduro in #524
v1.20.1 - 2024-02-08
- Don't overwrite an already two factor secret unless force = true by @danmatthews in #518
- Use
Date
facade for storing the password confirmation timestamp by @chrisvanlier2005 in #520
v1.20.0 - 2024-01-15
- [1.x] Merges develop by @nunomaduro in #515
v1.19.1 - 2023-12-11
- Deprecate the password rule and use illuminate password rule by @ricklambrechts in #511
v1.19.0 - 2023-11-27
- Add new event by @taylorotwell in https://github.com/laravel/fortify/commit/2da721fead1f3bc18af983e4903c4e1df67177e7
v1.18.1 - 2023-10-18
v1.18.0 - 2023-09-12
- Added case-sensitivity option for usernames by @Radiergummi in #485
- Added response contract for email verification notification by @m-thalmann in #489
v1.17.6 - 2023-09-04
- Update logout to invalidate and regenerate session only if session is present (Issue #486) by @karmendra in #487
v1.17.5 - 2023-08-02
v1.17.4 - 2023-06-18
- Port security fixes to default login rate limiter by @staudenmeir in #473
v1.17.3 - 2023-06-02
- Fix contract implementation by @jessarcher in #472
v1.17.2 - 2023-04-26
- Revert "Add rate limiter for a registration" by @taylorotwell in #465
v1.17.1 - 2023-04-19
- Add rate limiter for a registration by @trbsi in #460
v1.17.0 - 2023-04-17
- Add ability to override routes with custom paths by @stephenglass in #458
v1.16.0 - 2023-01-06
- Laravel v10 Support by @driesvints in #435
v1.15.0 - 2023-01-03
- Update PrepareAuthenticatedSession.php by @francoism90 in #434
- Uses PHP Native Type Declarations 🐘 by @nunomaduro in #421
- Fix error while preparing PasswordResetResponse with views turned off by @leonkllr0 in #433
v1.14.1 - 2022-12-09
- Only fire event when actually updating the database to disable two factor authentication by @taylorotwell in https://github.com/laravel/fortify/commit/04b4b9c20e421c415d0427904a72e08a21bdec27
v1.14.0 - 2022-11-23
- Add more Response contract bindings by @bdsumon4u in #425
v1.13.7 - 2022-11-04
- Update parameter order for hash_equals function in TwoFactorLoginRequest by @jayan-blutui in #422
- Use
boolean
rather thanfilled
for remember by @Codeatron5000 in #423
v1.13.6 - 2022-11-01
- Fix error message when entering invalid 2fa code by @emargareten in #415
- Use Fortify username method on ConfirmPassword action by @jayan-blutui in #420
v1.13.5 - 2022-10-21
- Add and use constants for session flashes by @dwightwatson in #409
- Use current_password rule when changing password by @dwightwatson in #410
- Parameters order with hash_equals by @chivincent in #411
v1.13.4 - 2022-09-30
- Only save user if need to by @taylorotwell in https://github.com/laravel/fortify/commit/9a68cf2deb37d1796b6e2fd97d3c61f086868914
v1.13.3 - 2022-08-16
- Return recovery errors under the
recovery_code
key by @jessarcher in #401
v1.13.2 - 2022-08-09
- Fix second usage of 2FA code by @xwillq in #399
v1.13.1 - 2022-07-05
- Call FailedTwoFactorLoginResponse::toResponse with TwoFactorLoginRequest by @ricklambrechts in #395
v1.13.0 - 2022-05-05
- Added config option for custom OTP window by @robtesch in #385
v1.12.0 - 2022-03-29
- 2FA setup key by @ps-sean in #371
- Enable 2FA confirmation by default by @taylorotwell in https://github.com/laravel/fortify/commit/a6caadc80e348755de0e1da221a6253d9f2c48f9
- Fix double error message for failed 2FA response by @driesvints in #369
v1.11.2 - 2022-03-08
- Ensures route
password.confirm
is defined when not using views by @Frozire in #368
- Cache 2FA token timestamp by @driesvints in #366
v1.11.1 - 2022-02-24
- Fix Exception when sending empty 2FA confirmation code by @srdante in #361
- Unsupported operand types on rollback migration by @Jackpump in #362
v1.11.0 - 2022-02-22
- Include the otpauth url when retrieving the QR svg by @JanMisker in #356
- Confirmable 2FA by @taylorotwell in #358
- Fix incorrect key for error bag by @vaibhavpandeyvpz in #360
v1.10.2 - 2022-02-08
- Prevent new login after 2FA challenge (#353)
- Fix throttle bypass exploit (#354)
v1.10.1 - 2022-02-01
- Fix VerifyEmailResponse resolving (#349)
- Add VerifyEmailResponse contract (#347)
- Switch to anonymous migrations (#348)
- Customise the auth middleware name (#335)
- Check if authenticated user has 2FA enabled (#334)
- Fix an issue with array to string conversion (#333)
- Use boolean rather than filled for remember (#328)
- Add a check for two factor auth being enabled (#323)
- Allow verification rate limiter to be configurable (#313)
- Allow reset password redirect (#307)
- Fix auth guard (#296)
- Restrict guest Middleware to Fortify's guard (#258)
- Remove password confirmation requirement for reset password (#254)
- Require password and confirmation (#245)
- Redirect to intended URL after registration (#222)
- Move route outside
$enableViews
(#203)
- Fix missing current password (#194)
- Revert "Retrieve user through provider" (#195)
- Retrieve user through provider (#189)
- Add the
prefix
anddomain
configuration options (#143) - Change how feature options are stored to work with config caching (b2430958)
- Fix 2FA disabled routes via
views
config (#142)
- Redirect to intended URL after email verification (#119)
- Only use two factor action when enabled (#127)
- Add FailedTwoFactorLoginResponse contract (#106)
- Redirect to intended after two factor login (#105)
- Allow Fortify views to accept
Responsable
objects (#107) - Use the
Rule::unique
for new user validation (#108)
- Add
attempts
method to rate limiter (#85) - Add name to Profile update and Password update routes (#89)
- Fix for empty password during confirmation (#87)
- Add option to force the password to have a special character (#65)
- Allow 'confirmPasswordView' to use view prefixes (#71)
- Send JSON response if request is an AJAX request (#75)
- Remove unnecessary bag (85a7dfb)
- Fix test bug when use sqlite database (#69)
- Allow the expected email address request variable to be changed (#28)
- Update configuration stub with middleware option (#55)
- Make routes more dynamic (#41)
- Add illuminate/support dependency (#46)
- Resend email verification after user update (#52, 951d943)
- Only register two-factor-challenge routes if TFA feature enabled (#44)
- Added missing request to the throwFailedAuthenticationException method (#61)
- Switch the TwoFactorLoginResponse for a contract bound in container (#34)
- Enable password confirmation (9e9d154)
- Extract
ConfirmPassword
action (a9e68f2)
- Update what is passed to custom callback (9215e54)
- Pass request through to the callback (#21)
- Allow granular authentication customization (cd8b6aa)
- Allow full customization of authentication pipeline (6c36b08)
- Use PasswordValidationRules trait in CreateNewUser action (#18)
- Callable customization of any view (661d726)
Initial stable release.