Hi All,

This week we will be shipping FxA train-76 to production.  It's a pretty
small train due to the All Hands, and hot on the heels of the last one,
but it's got the following highlights:

  * Newly-created accounts are now exempt from sign-in confirmation for
    a brief period.  The theory here is that attackers are quite
    unlikely to have compromised the password of a newly-created
    account, but the legitimate owner is quite likely to want to sign
    in to a second device.  We'll carefully measure the impact of
    this feature and tweak as appropriate.

  * We no longer clutter the application error logs with spurious
    "missing tokens" messages.

  * We fixed a few other details of back-end error handling, to avoid
    masking errors by throwing another error during error handling.
    Yeah, fun times!

  * It should now be possible to verify your account by opening the
    verification link in iOS Safari in Private Browsing mode.  Our
    metrics indicate that users do in fact do this on occasion.

  * The oauth-server now does stricter validation on client redirect
    URIs, insisting that they have sane URL schemes and are not, say,
    javascript: or data: URLs.  (This was never a security problem in
    practice because we manually vet all new OAuth clients, but it's
    nice to be doubly sure!)

  * A variety of test fixes and dependency updates.


As always, you can find more details in the changelogs for each repo:

  https://github.com/mozilla/fxa-auth-server/blob/v1.76.1/CHANGELOG.md
  https://github.com/mozilla/fxa-auth-mailer/blob/v1.76.0/CHANGELOG.md
  https://github.com/mozilla/fxa-content-server/blob/v0.76.0/CHANGELOG.md
  https://github.com/mozilla/fxa-oauth-server/blob/v0.76.0/CHANGELOG.md
  https://github.com/mozilla/fxa-profile-server/blob/v0.76.1/CHANGELOG.md


There are also detailed PR metrics included below if you're interested.

This will be the last FxA deployment for 2016.  Thanks to everyone
involved in the project for an exciting, productive, at times slightly
terrifying, but ultimately always satisfying year!  I'm really looking
forward to 2017 and beyond with this project and this team.


  Cheers,

    Ryan



------------

This train we are shipping work on the following features:

  * FxA-41: signin funnel metrics:  3 PRs (now  59 / 70 =  84% complete)

As well as 16 general quality improvements.
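
The stricter redirect-URI check described in the oauth-server item above, as an added example; it is not fxa-oauth-server's own code. The allowed-scheme list, the loopback-only rule for http, the fragment and credential checks, and all names are assumptions made for illustration, and the sample URIs are constructed.

```javascript
// Added example (not fxa-oauth-server code). Assumed policy: https anywhere,
// http only for loopback development clients, everything else rejected.
const ALLOWED_SCHEMES = new Set(['https:', 'http:']);
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1']);

function validateRedirectUri(input) {
  if (typeof input !== 'string' || input.length === 0) {
    return { ok: false, reason: 'empty' };
  }
  // The WHATWG URL parser silently strips tabs and newlines, so a value like
  // "java\tscript:..." would parse as javascript:. Reject such input up front.
  if (/[\u0000-\u0020\u007f]/.test(input)) {
    return { ok: false, reason: 'control-or-space' };
  }
  let url;
  try {
    url = new URL(input); // throws on relative or malformed input
  } catch (err) {
    return { ok: false, reason: 'not-absolute' };
  }
  // url.protocol is already lower-cased, so "JavaScript:" cannot slip through.
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: 'scheme' };
  }
  if (url.protocol === 'http:' && !LOOPBACK_HOSTS.has(url.hostname)) {
    return { ok: false, reason: 'http-non-loopback' };
  }
  if (url.username || url.password) {
    return { ok: false, reason: 'credentials' };
  }
  // RFC 6749 section 3.1.2: a redirection endpoint URI has no fragment.
  if (input.includes('#')) {
    return { ok: false, reason: 'fragment' };
  }
  return { ok: true, reason: null };
}

// Constructed sample registrations, checked at client-registration time.
function checkSamples() {
  const samples = [
    'https://example.com/oauth/callback',
    'http://localhost:8080/cb',
    'javascript:void(0)',
    'data:text/html,hello',
    'JavaScript:void(0)',
    'java\tscript:void(0)',
    '/relative/path',
  ];
  return samples.map((s) => [s, validateRedirectUri(s)]);
}
```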