Knock Knock 2.x is on version 2.0.11, released on Nov 09, 2023
Released Nov 09, 2023
Action request endpoints are now no longer protected.
Fix too-early call on User::getIdentity() when plugin is disabled, for better performance.
Released June 05, 2023
Fix an error when checking the enabled state of the plugin.
Released May 27, 2023
Add Cache-Control headers when redirecting.
Fix an incorrect check for enabled state for multi-site installs.
Released Mar 02, 2023
Fix unprotectedUrls as a config option not working correctly.
Released Jan 18, 2023
Only admins are now allowed to access plugin settings.
Fix Protected URLs/Unprotected URLs not working correctly for multiple values when set via the control panel.
Released Dec 10, 2022
Add enableCpProtection plugin setting.
Fix login challenge when accessing the control panel.
Released Nov 16, 2022
Fix an error introduced in 2.0.4.
Released Nov 15, 2022
Add support for Cloudflare remote IP checking.
Add support to block CP-based pages, not just site-based requests.
Released Oct 19, 2022
Fix an issue with live preview checks for access control.
Released July 13, 2022
Fix protectedUrls, and unprotectedUrls URLs partial-matching incorrectly due to Regex rules.
Better normalising of allowIps, denyIps, protectedUrls, and unprotectedUrls settings.
Revert infinite loop check, which results in incorrect redirect URLs.
Released July 12, 2022
Fix an error when installing the plugin.
Released July 10, 2022
Add resave console command for elements.
Add checks for registering events for performance.
Add archiveTableIfExists() to install migration.
Now requires PHP 8.0.2+.
Now requires Craft 4.0.0+.
Now requires Knock Knock 1.2.16 in order to update from Craft 3.
Rename service classes.
Rename base plugin methods.
Use Application::EVENT_INIT to test access to ensure Craft is initialized properly.
Released July 10, 2022
Allow arrays in config settings for allowIps, denyIps, protectedUrls, unprotectedUrls. (thanks @Diewy).
Fix a potential infinite redirect loop if changing from http to https.
Released Sept 17, 2021
Fix site-based custom templates not working correctly.
Released June 30, 2021
Add support for custom CP-based templates. (thanks @seibert-io).
Add support for IPv4 and IPv6 CIDR blocks in allowIps and denyIps config. (thanks @onstuimig).
Deny access to settings for non-admins.
Fix redirect URL not using the referrer URL after logging in.
Released Nov 29, 2020
Fix potential error redirecting to non-site URLs after login. In some cases, this caused redirecting to a cpresources asset.
Fix cookie not respecting the Craft defaultCookieDomain config setting.
Released Sept 10, 2020
Fix incorrect loginUrl route, causing issues on some site setups (subdirectory installs).
Released Aug 14, 2020
Allow env variables to be used in allow/deny IPs.
Fix login path not resolving correctly for some multi-site installs.
Released Aug 10, 2020
Fix challenge URL not being correct for nested URLs.
Released July 13, 2020
Add useRemoteIp to opt-in to more stricter IP checks if security is your concern.
Revert behaviour of using remote IP for checking user IP. Too many issues and edge-cases.
Released June 22, 2020
Fix potential issue splitting multi-line settings (allowIps, denyIps, protectedUrls).
Released June 18, 2020
Fix error introduced in 1.2.9.
Released June 17, 2020
Deprecate whitelistIps. Use allowIps instead.
Deprecate blacklistIps. Use denyIps instead.
Released May 20, 2020
Fix fetching the IP for a user that could allow spoofing via headers. Vulnerability IP Whitelist bypass reported by Paweł Hałdrzyński.
Ensure redirect param is validated to prevent malicious redirection. For custom forms, please update the redirect input to use {{ redirect | hash }} otherwise logins will not work. Vulnerability Open-redirect reported by Paweł Hałdrzyński.
Released Apr 21, 2020
Add forcedRedirect to force a redirected URL once logging in.
Released Apr 16, 2020
Fix logging error Call to undefined method setFileLogging().
Released Apr 15, 2020
File logging now checks if the overall Craft app uses file logging.
Log files now only include GET and POST additional variables.
Released Apr 01, 2020
Realllly fix live preview from cross-domains.
Released Mar 31, 2020
Fix error thrown for console requests.
Released Mar 31, 2020
Re-organise access testing code, and support cross-domain live preview (properly, through tokens).
Released Mar 30, 2020
Exclude live preview requests from blocking access.
Released Mar 14, 2020
Fix asset bundles causing style issues in the CP.
Released Feb 25, 2020
Add support for Regex in protected URLs.
Fix protected URL comparison taking into account query strings, when it shouldn't.
Released Jan 30, 2020
Add Craft 3.4 compatibility.
Released Jan 07, 2020
Fix yii\base\InvalidConfigException error thrown in some instances.
Released Nov 27, 2019
Added Custom login path. Thanks @X-Tender.
Allow IPs to be whitelisted from login protection.
Add Protected URLs to set specific URLs (and only those) for password protection.
Update redirect input.= Fix redirection after login.
Released June 05, 2019
Add lock-out and security behaviour.
Add multi-site settings.
Add custom template setting.
New icon.
Add override notice for settings fields.
Released Feb 09, 2019
Fix console requests throwing an error.
Released Feb 02, 2019
Downgrade requirement to Craft 3.0.x.
Fix settings not saving.
Released Jan 30, 2019
Added enabled setting.