From d751ad99d6ef73be26b5e2cef987964dde3226e6 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 26 Oct 2021 16:30:01 -0400 Subject: [PATCH] fix(web): use a distinct salt for TOTP authentication --- Documentation/SOGoInstallationGuide.asciidoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Documentation/SOGoInstallationGuide.asciidoc b/Documentation/SOGoInstallationGuide.asciidoc index 4d631c671..4737c7e62 100644 --- a/Documentation/SOGoInstallationGuide.asciidoc +++ b/Documentation/SOGoInstallationGuide.asciidoc @@ -3142,6 +3142,10 @@ current version of SOGo from the previous release. [cols="100a"] |======================================================================= +h|5.3.0 +|A new private salt must be generated for users using TOTP. When TOTP is enabled for a user, it will +be disabled until the user configures it again, which will generate a new private salt. + h|5.1.0 |The XSRF protection is now enabled by default in SOGo. If you use the C.A.S. mechanisim, you need to disable XSRF by adding `SOGoXSRFValidationEnabled = NO` to your configuration file.