## [2.6.0] - June 12, 2022

- Drops support for Rails 5.0, 5.1 and 5.2, see https://endoflife.date/rails thoughtbot#964
- Drops support for Ruby 2.4, 2.5 and 2.6, see https://endoflife.date/ruby thoughtbot#964
- Adds support for Turbo with appropriate status codes thoughtbot#965
- Adds unique constraints on `remember_token` and `confirmation_token` thoughtbot#966
- Allows `user_parameter` to be configuration, e.g. `params[:custom_id]` instead of
  `params[:user_id]` thoughtbot#782 (Bryan Marble)
- Updates SignInGuard documentation thoughtbot#950 (Matthew LS)
- Forward options in redirect_back_or helper (thoughtbot#968) (Matthew LS)
- Add configuration option to disable sign in after password reset (thoughtbot#969) (Till
  Prochaska)

[2.6.0]: thoughtbot/clearance@v2.5.0...v2.6.0

v2.5.0

Fixed

- Fix open redirect vulnerability

Changed

- Rename default branch to `main`

v2.4.0

Added

- Optionally use signed cookies to prevent remember token timing attacks

v2.3.1

Fixed

- Support for accessing Rails 6.x primary_key_type in generator.
- Fix password reset URLs when using a custom model
- Fix flaky test that relied on too specific time delta
- Revert case sensitivity for email uniqueness
- Bump nokogiri and actionview dependencies to address security
  vulnerabilities

 [ci skip] Bump version to 2.3.0

v2.2.1

Fixed
-----

- Prevent user enumeration by timing attacks. Trying to log in with an
  unrecognized email address will now take the same amount of time as for a user
  that does exist in the system.

fixup! Release version 2.2.0

Release version 2.1.0

Release version 2.0.0

Release version 1.17.0