Releases: meili-NG/meiliNG.js

Ver. 0.9.6

25 Dec 07:15
Pre-release

Welcome back!
We're now releasing meiliNG version 0.9.6! 🥳
This version fixes a WebAuthn bug that occurs with some frontend implementations.

What's new?

  • Fixed the WebAuthn verification logic to work with frontend implementations that don't include { "type": "public-key" } in the challengeResponse.

Ver. 0.9.5

22 Nov 14:31
Pre-release

Welcome back!
We're now releasing meiliNG version 0.9.5! 🥳

This is a hotfix release for 0.9.4, which was broken by an unintended upgrade to fastify@4.

What's new?

Migrated to Fastify 4

Ver. 0.9.4 (BROKEN)

22 Nov 13:52
Pre-release

Welcome back!
We're now releasing meiliNG version 0.9.4! 🥳

This fixes several bugs from v0.9.3, and does not contain breaking changes.

What's new?

2FA Bug Fix (again)

Fixed the bug where the validation logic didn't allow a string-type challengeResponse.
It is actually fixed this time.

Package upgrade

  • fastify
  • @xmldom/xmldom

These packages were upgraded to mitigate vulnerabilities flagged by GitHub Advisory alerts.

Ver. 0.9.3

21 Nov 10:46
Pre-release

Welcome back!
We're now releasing meiliNG version 0.9.3! 🥳

What's new?

Initial configuration script

The stub yarn configure command for setting up meiliNG's initial database is now here!
It is still a stub, but you can now set up meiliNG without configuring it manually in Prisma Studio.

2FA Bug Fix

Fixed the bug where the validation logic didn't allow a string-type challengeResponse.
This fixes the phone/email 2FA bug.
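
The input check that this fix, its 0.9.4 follow-up and the 0.9.6 WebAuthn fix all revolve around, as an added TypeScript example that is not meiliNG's own code: code-based methods take a string, WebAuthn takes an object whose missing "type" is defaulted while a wrong one is still rejected. The method names, the code pattern and the error strings are assumptions made for illustration.

```typescript
// Added example, not meiliNG's code. Method names, CODE_PATTERN and error
// strings are assumptions; the WebAuthn member names follow the WebAuthn spec.
type ChallengeResponse =
  | { kind: "code"; code: string }
  | { kind: "webauthn";
      credential: { id: string; type: "public-key"; response: Record<string, unknown> } };

const CODE_METHODS = new Set(["sms", "email", "otp"]); // hypothetical method names
const CODE_PATTERN = /^[0-9]{6,8}$/;                    // assumed one-time-code format

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

function normalizeChallengeResponse(method: string, raw: unknown): ChallengeResponse {
  if (CODE_METHODS.has(method)) {
    // Phone/e-mail/TOTP answers arrive as plain strings; nothing else is accepted.
    if (typeof raw !== "string" || !CODE_PATTERN.test(raw)) {
      throw new Error("invalid_code");
    }
    return { kind: "code", code: raw };
  }
  if (method === "webauthn") {
    if (!isRecord(raw)) throw new Error("invalid_webauthn_response");
    const { id, type, response } = raw;
    // Tolerate an absent "type" (some frontends omit it), never a wrong one.
    if (type !== undefined && type !== "public-key") {
      throw new Error("invalid_credential_type");
    }
    if (typeof id !== "string" || id.length === 0) {
      throw new Error("missing_credential_id");
    }
    if (!isRecord(response)) throw new Error("missing_authenticator_response");
    // The assertion fields the verifier needs must all be present as strings.
    for (const field of ["clientDataJSON", "authenticatorData", "signature"]) {
      if (typeof response[field] !== "string") throw new Error(`missing_${field}`);
    }
    // Downstream verification always sees the explicit, normalized type.
    return { kind: "webauthn", credential: { id, type: "public-key", response } };
  }
  // Unknown methods fail closed instead of falling through to a default.
  throw new Error("unsupported_method");
}
```

Relaxing only the one absent field keeps the fix from turning into "accept any shape": a string sent to the WebAuthn path, or an object sent to a code path, is still refused before any verifier runs.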

Added admin endpoints for permission configuration

Stub endpoints for permission CRUD are now available.

Ver. 0.9.2

08 Sep 23:25
e6c2785
Pre-release

Welcome back!
We're now releasing meiliNG version 0.9.2! 🥳

What's new?

Hotfix Release

This version of meiliNG fixes a serious security vulnerability caused by an incorrect logic flow in skip2FA.
Affected versions: v0.9.1.

If you are using v0.9.1, upgrade as soon as possible.

Ver. 0.9.1

04 Sep 12:10
c682a7b
Pre-release

Welcome back!
We're now releasing meiliNG version 0.9.1! 🥳

What's new?

  • You can now use skip2FA to skip 2FA on this session.

Ver. 0.9.0

22 Aug 14:29
93dd017
Pre-release

Welcome back! It's been a long time.
We're now releasing meiliNG version 0.9.0! 🥳

This version introduces a lot of breaking changes and underlying code changes.

What's new?

  • Major rewrite on how errors are handled.
  • Fastify Errors are now properly handled in meiliNG's format.
  • Developer mode now helps with debugging by including a detailed stack trace in the response.
  • Added Sentry support!
  • Experimental "Swagger"/"OpenAPI 3.0" support.
  • /v1/admin/sessions/count endpoint is now implemented!
  • Fixed a bug on id_token generation that did not provide key id on JWT itself.
  • Added user-land CRUD operations for e-mail and phone.
  • Fixed the isPrimary property not being handled properly via the addPhone function call. Oops.
  • Two-factor authentication has now reached stable!
  • TOTP and WebAuthn Support!
  • Fixed several bugs on PGP signature 2FA flow
  • Rate limits are now enforced faster, without a DB query, using a runtime rate-limit cache
    (Special thanks to whoever DDoS-attacked our backend 🤦🏻, we should have done this from the beginning)
  • Added administrative login support for a specific session via /v1/admin/auth/login. This can be used for custom login flows such as OAuth2/SAML2 integration with third parties.
  • Mitigated potential Prisma query injection vulnerability that @kjsman pointed out. Thanks!
  • Mitigated potential prototype pollution vulnerability that @kjsman pointed out
  • Fixed admin endpoints being unable to process GET queries when the query contains only numeric characters
  • Fixed /v1/admin/users/:userId/phones and /v1/admin/users/:userId/phones/:phoneId endpoints not working properly (no response, querying wrong db)
  • Fixed a bug where "Deleted" users could not be looked up via User.getDetailInfo.
  • Fixed a bug where the /v1/admin/users endpoint returned undefined when a deleted user was encountered
  • Fixed a bug that made it impossible to look up any "Deleted" users via admin endpoints
  • Fixed obsolete eslint version
  • Updated target TypeScript version to 4.7.4
  • Updated Prisma to 4.1.1

Now that's a-lotta-features!

The features above are now deployed and available on Stella IT Accounts.
Thank you for choosing meiliNG!

Ver. 0.8.4

13 Feb 13:38
3d8276b
Pre-release

Welcome back!
We're now releasing Meiling Gatekeeper version 0.8.4! 🥳

This version introduces some security patches.
Upgrade as soon as possible!

What's new?

  • Patched a probable JWT algorithm confusion vulnerability on the ID Token endpoint - reported by @kjsman
  • /v1/admin/users/:userId/authns previously did not handle createdAt properly.
  • Fixed JWT algorithm selection in keygen.js - @kdhkr
  • isVerified property is now properly ignored on /v1/admin/users/:userId/phones.

Thank you for choosing Meiling Gatekeeper.
See you in the next release!

Ver. 0.8.3

12 Feb 08:44
Pre-release
  • Updated dependencies
  • Fixed the /v1/admin/users POST endpoint, which was NOT fixed by the previous attempt - @Baw-Appie

Ver. 0.8.2

12 Feb 08:27
Pre-release

This version fixes the /v1/admin/users POST endpoint not processing properly - reported by @Baw-Appie.
Also, this version fixes Utils.isNotBlank being unable to process undefined properly.