Skip to content

Releases: nette/security

Released version 3.2.5

Choose a tag to compare

@dg dg released this 15 Jun 05:44
  • fixed compatibility with nette/http 3.4
  • Identity: use ctype_digit for stricter numeric ID detection

Released version 3.2.4

Choose a tag to compare

@dg dg released this 11 May 21:19
  • Guest identity – an IdentityHandler authenticator may now implement getGuestIdentity(): ?IIdentity to hand anonymous visitors a real identity. When present, getIdentity(), getId() and getRoles() transparently fall back to it, so guests carry their own roles and data instead of just the $guestRole string. The guest identity is resolved on read only and never written to storage.

  • $persistIdentity – the new User::$persistIdentity property lets you decide what happens to the identity after logout or expiration. It stays available for personalization by default; flip it to false and getIdentity()/getId() return null once the user is no longer logged in. Configurable straight from the security.authentication DI section.

  • SessionStorage no longer refreshes the sliding expiration timestamp once the session has already expired – an expired identity stays expired instead of being silently kept alive for another round

  • Adopted nette/phpstan-rules and made static analysis a mandatory part of the build, then resolved the errors it surfaced

  • Improved phpDoc types and descriptions across the codebase

Released version 3.2.2

Choose a tag to compare

@dg dg released this 30 Oct 22:52
  • support for PHP 8.5
  • optimized global function calls

Released version 3.2.1

Choose a tag to compare

@dg dg released this 04 Nov 12:31
  • support for PHP 8.4
  • SecurityExtension: password can be dynamic #74
  • $user => $username #73

Released version 3.2.0

Choose a tag to compare

@dg dg released this 21 Jan 20:47
  • requires PHP 8.1
  • uses PHP 8.1 features
  • removed deprecated IUserStorage (BC break)

Released version 3.1.8

Choose a tag to compare

@dg dg released this 18 Oct 17:07
  • support for PHP 8.3
  • constants are PascalCase
  • used #[\SensitiveParameter] to mark sensitive parameters

Released version 3.1.7

Choose a tag to compare

@dg dg released this 02 Feb 10:58
  • composer: allows nette/utils 4.0

Released version 3.1.6

Choose a tag to compare

@dg dg released this 12 Oct 22:40
  • CookieStorage: getState returns the previously set ID #67
  • CookieStorage: fixed SameSite attribute
  • SessionStorage::setExpiration() does not overwrite data in the session
  • SimpleAuthenticator: refactoring, added verifyPassword()
  • strict type fix
  • coding style

Released version 3.1.5

Choose a tag to compare

@dg dg released this 19 Oct 23:35
  • SessionStorage: used new sessionSection API to not start the session unless needed

Released version 3.1.4

Choose a tag to compare

@dg dg released this 25 Aug 16:05
  • support for PHP 8.1
  • User::setExpiration() second argument accept also bool $clearIdentity
  • User: added consts LOGOUT_MANUAL & LOGOUT_INACTIVITY
  • fixed compatibility with Symfony DebugClassLoader
  • compatibility: improved code hinting