# Changelog
-----------

## 3.0.0
- Prepare for Drupal 11
- Clean and updated dependencies
- Remove reCAPTCHA enterprise require "Secret key" field in the configuration
- User logout route is now CSRF protected
- Add FoD IP to reCaptcha whitelist

## 2.19.2
- Remove obsolete drupal/autologout patch

## 2.19.1
- Add new patch for avoid file cache: https://www.drupal.org/project/seckit/issues/3219252#comment-15849387
- PR: Fix validation recaptcha enterprise

## 2.19.0
- Review and adapt for drupal 10.3
- Add patch to prevent sitemap broken

## 2.18.1
- Fixed: Password reset security issue

## 2.18.0
- Add support for reCAPTCHA Enterprise
- Update autologout and noreferrer dependencies for a major release

## 2.17.1
- Fixed vulnerability: Reset Password of all users

## 2.17.0
- Display a notification in the administration if "trusted_host_patterns" configuration is missing.
- PR: Pass parameter by value instead of reference

## 2.16.0
- Prepare module for Lightnest browser
- Modify text files to follow the rules of markdown characters limit
- Update file_upload_secure_validator dependency for a major release
- Use stable version of recaptcha_v3

## 2.15.0
- Add recaptcha dependencies
- Do not overwrite existing site configurations

## 2.14.0
- Prepare for Drupal 10
- Clean and updated dependencies
- PR: Fixed registration form security validation
- Fix multiple warning

## 2.13.0
- Move admin base path to module dsu_core
- Refactor pass reset form
- Add tfa module

## 2.12.0
- Disable CSP report
- Use contrib file_upload_secure_validator module instead of old custom service
- Add possibility to disable email field in profile
- Add password_policy to prlp form

## 2.11.0
- Apply changes for refactor ln_datalayer module
- Update session_limit dependency
- Fix for inline_entity_form security issue
- PR: Internal url check

## 2.10.10
- Fix warnings for PHP 8

## 2.10.8 (24 Feb, 2022)

- `dsu_security_admin_module` configuration form text changes.
- One outdated `PRLP` contrib module patch is removed.

## 2.10.7 (25 Jan, 2022)

- Enable seckit header and fix CSP header.
- Language prefix issue fixes in dsu_security_admin_module.
- Fix apply condition in dsu_security_admin_module

## 2.10.5 (05 Sep, 2021)

- Drupal session cookie lifetime is made configurable from site level.
- Cookie lifetime value can be changed from
  `/admin/config/lightnest/dsu-security`.
- `noreferrer` module dependency added.
-  Redirect issue fixes for dsu_security_admin_module.