v7.10.0

• Handle (and reject) multiple usages of an MFA-code, #279, thank you to @heiglandreas

v7.9.0

• Configuration option to use a different CSRF token manager, instead of Symfony's default one
• Configuration option to retrieve the CSRF token from a header
• Change of execution order in TwoFactorAccessListener to initialize the security token as late as possible and only if necessary

v7.8.0

• Added events for backup code validation: check, valid, invalid
• Added events for the Google Authenticator / TOTP authentication provider: check, valid, invalid
• Added events for the email code authentication provider: sent, check, valid, invalid

See events documentation.

v7.7.1

• Fix: Added missing kernel.reset tag to scheb_two_factor.trusted_token_storage, thanks to @dt-thomas-durand, #268

v7.7.0

• Implement ResetInterface on TrustedDeviceTokenStorage (allows to reset the internal state of the service, when multiple requests are served by the same worker, i.e. applications running with RoadRunner or FrankenPHP), thanks to @dt-thomas-durand, #266

v6.13.1

• Declare compatibility with PHP8.4 and run test against the new PHP version, #253, thanks to @heiglandreas and @lukasbableck

v7.6.0

• Declare compatibility with PHP8.4 and run test against the new PHP version, #253, thanks to @heiglandreas

v7.5.0

• Indonesian translation by @priyadi in #236

v7.4.0

• Wire clock for TOTP factories by @norkunas in #235

v7.3.1

• Fix deprecation for Symfony\Component\HttpKernel\DependencyInjection\Extension by @Chris53897 in #233