New Features

• Audit logging of configuration changes
• OpenPGP Encryption for tokens created on behalf
• Tags/ Notes for IP address restrictions

Changes

• Users who can't create their own tokens but can use tokens can now see a list of their tokens, i.e. to see expiration dates or other details
• The list of tokens now shows an expiration warning if a token expires within the next 14 days
• Changed texts in the permission settings so that it's more clear what the on-behalf permission implies

2.0.1

• Updated internal and 3rd party libraries
• Improved text of a few element descriptions in the UI

2.0.2

• fixed a bug that caused UI not to load if the user logged in has no e-mail address set
• hardened app against username enumeration
  • removed mentions of usernames in responses that led to 401 - Unauthenticated
  • for troubleshooting purposes, admins can still look up details of authentication failures in the log files
• Updated internal and 3rd party libraries

2.0.3

• further hardening against username enumeration
  • in addition to the changes in version 2.0.2, the error message in a 401 response is now identical to the one Atlassian sends: "Basic Authentication Failure - Reason : AUTHENTICATED_FAILED"

2.0.4

• no public release

2.0.5

• 3rd party and internal library updates