diff --git a/changelog.md b/changelog.md index 098fe283..258b95db 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,13 @@ # Change log +## [5.4.1] - 2024-11-17 + +### Security release + +- Fix XSS & SSRF vulnerabilities (thx to the XBOW team). +- Content Security Policy is now available and enable by default. CSP helps to prevent or minimize the risk of certain types of security threats. + If CSP is already enable on your server, you can set the `CONTENT_SECURITY_POLICY` environment variable to `false` to disable it at 2FAuth level. + ## [5.4.0] - 2024-11-08 ### Changed diff --git a/config/2fauth.php b/config/2fauth.php index 16228fa2..c8d34fc4 100644 --- a/config/2fauth.php +++ b/config/2fauth.php @@ -9,7 +9,7 @@ | */ - 'version' => '5.4.1-beta', + 'version' => '5.4.1', 'repository' => 'https://github.com/Bubka/2FAuth', 'latestReleaseUrl' => 'https://api.github.com/repos/Bubka/2FAuth/releases/latest', 'installDocUrl' => 'https://docs.2fauth.app/getting-started/installation/self-hosted-server/',