From 07abfd78e186e20a0c066dc7246409a30ad1aad7 Mon Sep 17 00:00:00 2001
From: James Cole
Date: Sun, 25 Jul 2021 19:48:34 +0200
Subject: [PATCH] Throttle logins. Update changelog. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3663
---
 app/Http/Controllers/Auth/LoginController.php | 3 ++-
 config/firefly.php | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 0295bc0388..fbcc341995 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -29,6 +29,7 @@ use FireflyIII\Http\Controllers\Controller;
 use FireflyIII\Providers\RouteServiceProvider;
 use Illuminate\Contracts\View\Factory;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
+use Illuminate\Foundation\Auth\ThrottlesLogins;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
@@ -48,7 +49,7 @@ use Symfony\Component\HttpFoundation\Response;
 */
 class LoginController extends Controller
 {
- use AuthenticatesUsers;
+ use AuthenticatesUsers, ThrottlesLogins;
 /**
 * Where to redirect users after login.
diff --git a/config/firefly.php b/config/firefly.php
index 8f2e017207..140bde30a8 100644
--- a/config/firefly.php
+++ b/config/firefly.php
@@ -95,12 +95,12 @@ return [
 ],
 'feature_flags' => [
 'export' => true,
- 'telemetry' => true,
+ 'telemetry' => false,
 'webhooks' => false,
 'handle_debts' => true,
 ],
- 'version' => '5.5.12',
+ 'version' => '5.5.13',
 'api_version' => '1.5.2',
 'db_version' => 16,
 'maxUploadSize' => 1073741824, // 1 GB
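Review bot: Adding `ThrottlesLogins` to the `use` line of `LoginController` only supplies the helper methods; attempts are limited only if the login action itself calls `hasTooManyLoginAttempts()`, `incrementLoginAttempts()` and `sendLockoutResponse()`, and that method lies outside this hunk. If the controller overrides `login()`, confirm those calls are present and add a feature test asserting that repeated failed logins end in a lockout response. The trait's limits fall back to its built-in defaults unless the class declares them, so stating them next to the trait, e.g. `protected $maxAttempts = 5;` and `protected $decayMinutes = 1;`, makes the policy reviewable. The throttle key is built from the submitted username and the client IP, so behind a reverse proxy the trusted-proxy configuration decides whether the limit applies per client or per proxy address.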
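Review bot: The `'telemetry' => false` flip in `feature_flags` is a behaviour change that the commit subject does not mention and that has no visible connection to login throttling. Bundling it into the CVE fix makes the security change harder to audit and to backport on its own. Either move it to a separate commit or record the intent on the line, e.g. `'telemetry' => false, // off by default from 5.5.13; not part of the login-throttle fix`. The subject also says the changelog was updated, but the diffstat lists only these two files.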