Unverified Commit af26d26f authored by Markus Kirsch, committed by gitbook-bot

GitBook: [master] 2 pages modified

parent b9277da9
...@@ -79,7 +79,7 @@ await APIClient.v1.post('users.2fa.sendEmailCode', undefined, {emailOrUsername: ...@@ -79,7 +79,7 @@ await APIClient.v1.post('users.2fa.sendEmailCode', undefined, {emailOrUsername:
## Handling password fallback ## Handling password fallback
If an api request returns TOTP Required with a method *password*, then the API user's password is required to authenticate the request: If an api request returns TOTP Required with a method _password_, then the API user's password is required to authenticate the request:
```javascript ```javascript
// Error example // Error example
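Review bot: In the changed sentence under "Handling password fallback", `password` is the literal value sent in the `X-2fa-method` header, so it belongs in code formatting; switching `*password*` to `_password_` only swaps one emphasis marker for another and renders the same. While this line is being touched, "an api request" should read "an API request", and "TOTP Required" would be clearer in backticks if it is the literal error name the server returns.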
...@@ -109,7 +109,7 @@ curl -H "X-Auth-Token: $YOUR_AUTH_TOKEN" \ ...@@ -109,7 +109,7 @@ curl -H "X-Auth-Token: $YOUR_AUTH_TOKEN" \
-H "X-2fa-code: $SHA_256_HASH_OF_API_USER_PASSWORD" \ -H "X-2fa-code: $SHA_256_HASH_OF_API_USER_PASSWORD" \
-H "X-2fa-method: password" \ -H "X-2fa-method: password" \
http://localhost:3000/api/v1/users.update \ http://localhost:3000/api/v1/users.update \
-d '{"userId": "SOME_USER_ID", "data": { "requirePasswordChange": false }}' -d '{"userId": "SOME_USER_ID", "data": { "requirePasswordChange": false }}'
``` ```
## Enabling the Two Factor via Email ## Enabling the Two Factor via Email
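Review bot: The curl example sends `X-2fa-code: $SHA_256_HASH_OF_API_USER_PASSWORD` to an `http://` URL, and nothing in the visible lines tells the reader that this hash is accepted in place of the password and so needs the same protection as the password itself. Add a sentence next to the example that states the expected encoding of the digest, recommends HTTPS for anything other than local testing, and advises keeping the `X-2fa-code` header out of proxy and access logs. The trailing heading "Enabling the Two Factor via Email" would also read better as "Enabling two-factor authentication via email".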
...@@ -141,3 +141,4 @@ It's possible to disabled the email check by calling the endpoint `users.2fa.dis ...@@ -141,3 +141,4 @@ It's possible to disabled the email check by calling the endpoint `users.2fa.dis
```javascript ```javascript
await APIClient.v1.post('users.2fa.disable-email'); await APIClient.v1.post('users.2fa.disable-email');
``` ```
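Review bot: The context sentence for this hunk reads "It's possible to disabled the email check"; that should be "to disable". The `users.2fa.disable-email` example is also a bare call with no statement of whether turning off the email check is itself subject to the "TOTP Required" challenge described earlier on the page. Document that explicitly, since removing a second factor is the kind of request a reader would expect to need re-confirmation.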
...@@ -10,22 +10,30 @@ Please make sure to follow new version updates by subscribing to our newsletters ...@@ -10,22 +10,30 @@ Please make sure to follow new version updates by subscribing to our newsletters
**Issues** **Issues**
\*\*\*\*
{% hint style="danger" %}
**2020-0004 - High Severity issue** fixed at **2020-10-01**
Rocket.Chat Desktop Client - affects **2.x**, ****fixed on **3.0**
_details will be added with next release_
{% endhint %}
{% hint style="danger" %} {% hint style="danger" %}
**RC-2020-0003 - High Severity issue** fixed at **2020-08-29** **RC-2020-0003 - High Severity issue** fixed at **2020-08-29**
Rocket.Chat Server - affects **3.4.x**, ****fixed on **3.6** Rocket.Chat Server - affects **3.4.x**, ****fixed on **3.6**
_Details will be added with the next release_ **\(RCE\)** Fixed an issue where discussion messages could be used to insert and execute code.
{% endhint %} {% endhint %}
{% hint style="info" %} {% hint style="info" %}
**RC-2020-0002 - Low Severity issue** fixed at **2020-08-29** **RC-2020-0002 - Low Severity issue** fixed at **2020-08-29**
Rocket.Chat Server - affects **3.x**, ****fixed on **3.6** Rocket.Chat Server - affects **3.x**, ****fixed on **3.6**
_Details will be added with the next release_ Added a missing X-Frame Options Header in the admin
{% endhint %} {% endhint %}
{% hint style="danger" %} {% hint style="danger" %}
**RC-2020-0001 - High Severity issue** fixed at **2020-07-25** **RC-2020-0001 - High Severity issue** fixed at **2020-07-25**
Rocket.Chat Server - affects **3.4.x**, ****fixed on **3.5** and **3.4.2** Rocket.Chat Server - affects **3.4.x**, ****fixed on **3.5** and **3.4.2**
**\(RCE\)** Fixed an issue where thread starting messages could be used to insert and execute code. Thanks to Pawel Wylecial of [REDTEAM.PL](http://redteam.pl/) **\(RCE\)** Fixed an issue where thread starting messages could be used to insert and execute code. Thanks to Pawel Wylecial of [REDTEAM](http://redteam.pl/)_.PL_
{% endhint %} {% endhint %}
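Review bot: The new entry is headed `2020-0004`, while every other entry uses the `RC-` prefix (`RC-2020-0003`, `RC-2020-0002`, `RC-2020-0001`); use `RC-2020-0004` so the advisory can be referenced consistently. The added `\*\*\*\*` line above the first hint and the `****` runs before "fixed on" are empty emphasis markers and should be dropped. In RC-2020-0002 the header name is `X-Frame-Options`, and "in the admin" stops without saying which admin component was affected. The RC-2020-0001 credit now splits the link text into `[REDTEAM](http://redteam.pl/)_.PL_`; restore `[REDTEAM.PL](http://redteam.pl/)`. The new entry's "_details will be added with next release_" should match the capitalisation and wording the older entries used.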
......