beenull
/
mCaptcha
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mCaptcha/CHANGELOG.md

1.1 KiB
Raw Permalink Blame History

0.1.0(unreleased)

Changed

  • 2023-10-18: Environment variable names have changed, please see CONFIGURATION.md for the names of environment variables.
  • (7d0e4c6) Add secret parameter to token verification request payload(/api/v1/pow/siteverify) to mitigate a security issue that @gusted found:

    ...A malicious user could grab the sitekey and use that sitekey with mcaptcha to use it for their own server. While they can now go abuse it for illegal stuff or other stuff. You might decide, oh I don't want this! and terminate a legitimate siteKey. New request payload:

    {
	"secret": "<your-users-secret>", // found in /settings in the dashbaord
	"token": "<token-presented-by-the-user>",
	"key": "<your-sitekey>"
}
  • (42544ec42) Rename pow section in settings to captcha and add options to configure