Hi All,

This week we will be shipping FxA train-76 to production. It's a pretty small train due to the All Hands, and hot on the heels of the last one, but it's got the following highlights:

* Newly-created accounts are now exempt from sign-in confirmation for a brief period. The theory here is that attackers are quite unlikely to have compromised the password of a newly-created account, but the legitimate owner is quite likely to want to sign in to a second device. We'll carefully measure the impact of this feature and tweak as appropriate.
* We no longer clutter the application error logs with spurious "missing tokens" messages.
* We fixed a few other details of back-end error handling, to avoid masking errors by throwing another error during error handling. Yeah, fun times!
* It should now be possible to verify your account by opening the verification link in iOS Safari in Private Browsing mode. Our metrics indicate that users do in fact do this on occasion.
* The oauth-server now does stricter validation on client redirect URIs, insisting that they have sane URL schemes and are not, say, javascript: or data: URLs. (This was never a security problem in practice because we manually vet all new OAuth clients, but it's nice to be doubly sure!)
* A variety of test fixes and dependency updates.

As always, you can find more details in the changelogs for each repo:

https://github.com/mozilla/fxa-auth-server/blob/v1.76.1/CHANGELOG.md
https://github.com/mozilla/fxa-auth-mailer/blob/v1.76.0/CHANGELOG.md
https://github.com/mozilla/fxa-content-server/blob/v0.76.0/CHANGELOG.md
https://github.com/mozilla/fxa-oauth-server/blob/v0.76.0/CHANGELOG.md
https://github.com/mozilla/fxa-profile-server/blob/v0.76.1/CHANGELOG.md

There are also detailed PR metrics included below if you're interested.

This will be the last FxA deployment for 2016. Thanks to everyone involved in the project for an exciting, productive, at times slightly terrifying, but ultimately always satisfying year! I'm really looking forward to 2017 and beyond with this project and this team.

Cheers,
Ryan

------------

This train we are shipping work on the following features:

* FxA-41: signin funnel metrics: 3 PRs (now 59 / 70 = 84% complete)

As well as 16 general quality improvements.
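
The redirect URI scheme check mentioned in the announcement, sketched as an added example; it is not code from fxa-oauth-server or from this message. The allowlist of `http:` and `https:`, the names `checkRedirectUri` and `auditRedirectUris`, and the sample URIs are assumptions constructed for illustration.

```javascript
// Added example: allowlist-based scheme validation for OAuth client redirect URIs.
// ALLOWED_SCHEMES is an assumption; the announcement only names javascript: and
// data: as schemes that must be refused.
const ALLOWED_SCHEMES = new Set(['https:', 'http:']);

function checkRedirectUri(input) {
  if (typeof input !== 'string' || input.length === 0) {
    return { ok: false, reason: 'not a non-empty string' };
  }
  // The WHATWG URL parser trims surrounding whitespace and drops embedded
  // tabs/newlines, so "java\tscript:..." would parse as javascript:.
  // Refuse such input outright instead of validating a normalized form.
  if (/[\u0000-\u0020\u007f]/.test(input)) {
    return { ok: false, reason: 'contains whitespace or control characters' };
  }
  let url;
  try {
    url = new URL(input); // no base URL, so relative values throw
  } catch (err) {
    return { ok: false, reason: 'not an absolute URL' };
  }
  // url.protocol is lower-cased by the parser, which covers "JavaScript:".
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: 'scheme not allowed: ' + url.protocol };
  }
  return { ok: true, reason: null };
}

// Returns the entries that a registration step should refuse, with the reason.
function auditRedirectUris(uris) {
  return uris
    .map((uri) => ({ uri, result: checkRedirectUri(uri) }))
    .filter((entry) => !entry.result.ok)
    .map((entry) => ({ uri: entry.uri, reason: entry.result.reason }));
}

// Constructed sample registrations, not taken from any real client.
const SAMPLE_REDIRECT_URIS = [
  'https://client.example/oauth/callback',
  'javascript:void(0)',
  'JavaScript:void(0)',
  'data:text/html,placeholder',
  'java\tscript:void(0)',
  '/relative/callback',
];

console.log(auditRedirectUris(SAMPLE_REDIRECT_URIS));
```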