amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-04-03 12:28:51 +00:00
Code Issues Projects Releases Wiki Activity

fix(web): use a distinct salt for TOTP authentication

Browse Source
This commit is contained in:
Francis Lachapelle
2021-10-26 16:30:01 -04:00
parent f70d60004d
commit d751ad99d6
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Documentation/SOGoInstallationGuide.asciidoc
View File

@@ -3142,6 +3142,10 @@ current version of SOGo from the previous release.
[cols="100a"]
|=======================================================================
h|5.3.0
|A new private salt must be generated for users using TOTP. When TOTP is enabled for a user, it will
be disabled until the user configures it again, which will generate a new private salt.
h|5.1.0
|The XSRF protection is now enabled by default in SOGo. If you use the C.A.S. mechanisim, you need
to disable XSRF by adding `SOGoXSRFValidationEnabled = NO` to your configuration file.