breaking changes
- Drop support to Ruby < 2.7
- Drop support to Rails < 6.0
- Remove SecretKeyFinder and use app.secret_key_base as the default secret key for Devise.secret_key if a custom Devise.secret_key is not provided.
  
  This is potentially a breaking change because Devise previously used the following order to find a secret key:
```
app.credentials.secret_key_base > app.secrets.secret_key_base > application.config.secret_key_base > application.secret_key_base
```
  Now, it always uses application.secret_key_base. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for recoverable, lockable, and confirmable will be invalid. #5645
enhancements
- Removed deprecations warning output for Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION (@soartec-lab)
- Add Rails 8 support.
  - Routes are lazy-loaded by default in test and development environments now so Devise loads them before Devise.mappings call.
bug fixes
- Make Devise work without ActionMailer when Zeitwerk autoloader is used.

Please check 4-stable for previous changes.

Provide feedback

Saved searches