BREAKING CHANGE(twofauth): Update image docker.io/2fauth/2fauth 6.1.3 → 7.0.1 (#48925)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [docker.io/2fauth/2fauth](https://redirect.github.com/Bubka/2FAuth) |
major | `0b2e2ea` → `4209283` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>Bubka/2FAuth (docker.io/2fauth/2fauth)</summary>

###
[`v7.0.1`](https://redirect.github.com/Bubka/2FAuth/blob/HEAD/changelog.md#701---2026-06-09)

[Compare
Source](https://redirect.github.com/Bubka/2FAuth/compare/v7.0.0...v7.0.1)

##### Fixed

- [issue
#&#8203;548](https://redirect.github.com/Bubka/2FAuth/issues/548)
Sharing actions only available in “Show Password: After a Click/Tab”
view, not obvious to users

###
[`v7.0.0`](https://redirect.github.com/Bubka/2FAuth/blob/HEAD/changelog.md#700---2026-06-08)

[Compare
Source](https://redirect.github.com/Bubka/2FAuth/compare/v6.1.3...v7.0.0)

Account sharing has finally arrived in 2FAuth!\
First mentioned in February 2024, I believe this is the most anticipated
feature since the beginning of 2FAuth's development.

First, a quick reminder: The purpose of 2FA is to provide a second piece
of evidence to prove your identity during an authentication process.
That means the secret which allow to generate this short-lived piece of
evidence, the One-Time Password, must be kept in a safe place and it
should not be disclosed. This has guided the development of 2FAuth up to
now and has also influenced the way the sharing feature has been
designed: The shared resource should be the ability to generate OTPs,
not the secret itself.

In practice, sharing a 2FA account in 2FAuth does not grant the
recipient full access to the account. While the recipient can view the
account and generate OTPs, they cannot access the secret. Therefore, no
editing, exporting, or displaying of QR codes is possible; these
functions remain exclusive to the owner.
From a UI perspective, I did my best to make it clear what is shared,
with whom and under which conditions, while ensuring a seamless fit with
the existing design — even on mobile — without disrupting the user
experience. I hope you find this intregration efficient and convenient.

This release also introduces the ability to transfer ownership of a 2FA
account. This feature should provide flexibility for team-based usage,
especially when responsibilities change or access needs to be
transferred to another person. Please note that ownership transfer is
only available when sharing is enabled.

To complete the picture, OTP generation now comes with a log that is
directly available in the web application. This audit trail makes it
easy to review usage and keep track of who generated a code and when,
without recording the code itself.

2FA Sharing is disabled by default. You can activate it from the Admin
Panel. If you'd like to learn more, please consult the [2FA Sharing
documentation](https://docs.2fauth.app/usage/2fa-sharing/).

##### Added

- 2FA sharing
- 2FA ownership transfer
- OTP generation log
- Expiration date of OAuth tokens in User Settings
([#&#8203;536](https://redirect.github.com/Bubka/2FAuth/issues/536)).

##### Changed

- Dependency on the `APP_URL` environment variable has been reduced. It
is now possible to access the web app using a URL other than the one set
in `APP_URL`. Typically, this would be an internal URL, such as a local
IP address. **Important**: Some features still rely on `APP_URL` to work
as expected. These include SSO (during redirections) and WebAuthn
authentication.
- Minor UI adjustments

##### Fixed

- [issue
#&#8203;538](https://redirect.github.com/Bubka/2FAuth/issues/538) Search
field gets focus when trying to select an account in Manage mode using
keyboard
- [issue
#&#8203;545](https://redirect.github.com/Bubka/2FAuth/issues/545) Case
sensitivity in e-mail/uid-string during SSO authentication
- [issue
#&#8203;546](https://redirect.github.com/Bubka/2FAuth/issues/546)
Unencoded # in otpauth URI breaks decoding

##### API \[1.10.0]

- New `is_borrowed`, `shared_by`, `is_shared` and `is_shared_with_all`
properties in `2FAccount` resource description. See GET
`/api/v1/twofaccounts/{id}`
([doc](https://docs.2fauth.app/resources/rapidoc.html#get-/api/v1/twofaccounts/-id-))
and GET `/api/v1/twofaccounts`
([doc](https://docs.2fauth.app/resources/rapidoc.html#get-/api/v1/twofaccounts)).
- `/api/v1/twofaccounts/{id}/owner` PATCH path added
([doc](https://docs.2fauth.app/resources/rapidoc.html#patch-/api/v1/twofaccounts/-id-/owner)).
- `/api/v1/twofaccounts/{id}/recipients` GET path added
([doc](https://docs.2fauth.app/resources/rapidoc.html#get-/api/v1/twofaccounts/-id-/recipients)).
- `/api/v1/twofaccounts/{id}/shares` GET, POST, DELETE paths added
([doc](https://docs.2fauth.app/resources/rapidoc.html#get-/api/v1/twofaccounts/-id-/shares)).
- `/api/v1/twofaccounts/{id}/shares/all` POST path added
([doc](https://docs.2fauth.app/resources/rapidoc.html#post-/api/v1/twofaccounts/-id-/shares/all)).
- `/api/v1/twofaccounts/{id}/shares/{userid}` DELETE path added
([doc](https://docs.2fauth.app/resources/rapidoc.html#delete-/api/v1/twofaccounts/-id-/shares/-userid-)).
- Documentation for `/api/v1/features` GET path added
([doc](https://docs.2fauth.app/resources/rapidoc.html#get-/api/v1/features)).

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90d29mYXV0aCIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWFqb3IiXX0=-->
This commit is contained in:
TrueCharts Bot
2026-06-10 06:38:35 +02:00
committed by GitHub
parent 26d6116909
commit dbd68aaff7
2 changed files with 3 additions and 3 deletions
+2 -2
View File
@@ -9,7 +9,7 @@ annotations:
trueforge.org/min_helm_version: "3.14"
trueforge.org/train: stable
apiVersion: v2
appVersion: 6.1.3
appVersion: 7.0.1
dependencies:
- name: common
version: 29.3.4
@@ -36,5 +36,5 @@ sources:
- https://github.com/trueforge-org/truecharts/tree/master/charts/stable/twofauth
- https://hub.docker.com/r/2fauth/2fauth
type: application
version: 6.3.0
version: 7.0.0
+1 -1
View File
@@ -2,7 +2,7 @@
image:
repository: docker.io/2fauth/2fauth
pullPolicy: IfNotPresent
tag: 6.1.3@sha256:0b2e2ea74f06ccddbc32b28495adfc92c8f5535cec1b3141dca95ee7c3c5189f
tag: 7.0.1@sha256:42092830b535a852a17426b76abfc44362cb37f3345d340d910b85d2d166e4c4
securityContext:
container: