diff --git a/.changeset/registration-rate-limit.md b/.changeset/registration-rate-limit.md
deleted file mode 100644
index c761d64..0000000
--- a/.changeset/registration-rate-limit.md
+++ /dev/null
@@ -1,9 +0,0 @@
----
-'seamless-auth-api': patch
----
-
-Rate limit the `POST /registration/register` endpoint.
-
-Registration now applies the same per-IP and per-identity limiters already used by
-the OTP and phone-registration routes. This closes an unthrottled path that allowed
-registration/OTP spam and account enumeration against the endpoint.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9199b1d..2b0707a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,15 @@
 # seamless-auth-api
 
+## 0.2.3
+
+### Patch Changes
+
+- a236888: Rate limit the `POST /registration/register` endpoint.
+
+ Registration now applies the same per-IP and per-identity limiters already used by
+ the OTP and phone-registration routes. This closes an unthrottled path that allowed
+ registration/OTP spam and account enumeration against the endpoint.
+
 ## 0.2.2
 
 ### Patch Changes
diff --git a/package.json b/package.json
index ff420af..26cf8ff 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "seamless-auth-api",
- "version": "0.2.2",
+ "version": "0.2.3",
 "description": "Seamless Auth API - A web application server for supporting a Seamless Auth server instance.",
 "main": "index.js",
 "type": "module",