-
Welcome to the Chevereto user community!
Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.
Please keep in mind:
- 😌 This community is user driven. Be polite with other users.
- 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
- 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.
🛡 Added two-factor authentication
Now under
As you may notice the new section is called "Security". This is because there will be more options in the future, like active sessions and stuff like that. Do you need more security? 🤗 Feel free to open a RFC.
Now under
/settings/security users will be able to add two-factor authentication for their accounts. This works with any TOTP provider, namely Google Authenticator, Microsoft Authenticator, etc.As you may notice the new section is called "Security". This is because there will be more options in the future, like active sessions and stuff like that. Do you need more security? 🤗 Feel free to open a RFC.
🛡 Added encrypted application secrets
Currently user passwords are stored using hashing, same user-API keys. This means that if the database gets compromised an attacker won't be able to access these. In the other hand, application secrets (as your AWS S3 password) up to now are stored in plain text in the database, which is a serious security concern as access to these is protected only by one layer. In other words, if an attacker get access to your database it could for sure compromise your SMTP, all your storages, your external services, etc.
With V4.0.0-beta.10 I'm introducing encrypted application secrets, meaning that the database will store an encrypted value, which is useless without the encryption key.
Don't worry, the upgrade will be automatic 🤗 as the system will auto create the keys and it will encrypt all existing secrets.
Currently user passwords are stored using hashing, same user-API keys. This means that if the database gets compromised an attacker won't be able to access these. In the other hand, application secrets (as your AWS S3 password) up to now are stored in plain text in the database, which is a serious security concern as access to these is protected only by one layer. In other words, if an attacker get access to your database it could for sure compromise your SMTP, all your storages, your external services, etc.
With V4.0.0-beta.10 I'm introducing encrypted application secrets, meaning that the database will store an encrypted value, which is useless without the encryption key.
Don't worry, the upgrade will be automatic 🤗 as the system will auto create the keys and it will encrypt all existing secrets.
User-based API keys are already a thing for V4.0: https://v4-docs.chevereto.com/developer/api/api-v1.html (added in v4.0.0.beta.7)
V4.0.0-beta.10 will be released very soon.
🐘 Added bcmath polyfill
Chevereto uses the PHP bcmath extension for generating the alphanumeric representation of integer ids. In some systems this extension is disabled and Chevereto can't be used.
In this release we are removing that hard dependency by adding a polyfill that provides the same functionality for these systems without the extension.
Chevereto uses the PHP bcmath extension for generating the alphanumeric representation of integer ids. In some systems this extension is disabled and Chevereto can't be used.
In this release we are removing that hard dependency by adding a polyfill that provides the same functionality for these systems without the extension.
🐞 Fixed bug in URL paste handler when URL upload is disabled
The paste URL even was being called even if the URL upload functionality was disabled. This is only an user interface bug, now the handler ignores URLs if URL uploading is forbidden.
The paste URL even was being called even if the URL upload functionality was disabled. This is only an user interface bug, now the handler ignores URLs if URL uploading is forbidden.