Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorStefan Giehl <stefan@matomo.org>2021-06-14 23:46:39 +0300
committerGitHub <noreply@github.com>2021-06-14 23:46:39 +0300
commit03410d62c6885010bc0968dca9ebe5e23b7c8e87 (patch)
tree7af15e34fc9221684247c82a49e9c42b40193c92 /CHANGELOG.md
parent6eec10098f09e7eb87f0c1259ed4f3b242d74757 (diff)
Disable logme functionality by default (#17665)
* Disable logme functionallity by default * add changelog
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md1
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 44d892ad57..db70e88713 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ The Product Changelog at **[matomo.org/changelog](https://matomo.org/changelog)*
### Breaking Changes
+* The `logme` method for automatic logins is now disabled by default for new installations. For existing installations it will be enabled automatically on update. If you do not need it please consider disabling it again for security reasons by setting `login_allow_logme = 0` in `General` section of `config.ini.php`.
* The redirect using the `url` param for the automatic login action `logme`, will no longer do redirects to untrusted hosts. If you need to do redirects to other URLs on purpose, please add the according hosts as `trusted_hosts` entry in `config.ini.php`
### Changes to events
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-24 06:48:58 +0300