Install

Works with Drupal: ^10 || ^11

Using Composer to manage Drupal site dependencies

Alternative installation files

Download tar.gz 16.53 KB
MD5: 86a600171eb3994c5df55a40b3e4b56c
SHA-1: fca01073d3d54134d2e09342bd9d61a4d93ef2dc
SHA-256: 24c894daf76ba7fd3579a7d44cd2a6f9d21bd4bb9ebac6899ada5587fe903b5f
Download zip 23.52 KB
MD5: 84c876366940fed94aef7f0546d146f7
SHA-1: 341bf0962b5dcebcb73ab9b0f74129b893cd2fa2
SHA-256: 25870ccdf6ea1bb008d2d603634fb8dc49dcb57d973c78e57891416b4a01289a
Downloads are for manual installation, which is not recommended when using Drupal 8 or later.

Release notes

Change since 1.0.0:

  • API Validation Rate Limiting.

Note:

  • services_tfa Deprecation.

    The TFA module's services_tfa submodule (which provided the /auth/tfa web service endpoint) has been deprecated in TFA 8.x-1.4 and removed in TFA 2.0.0. This was the only built-in API endpoint of the web service.

    What this means for you:
    • If you are using standard form-based TFA login only, the existing flood control in EntryForm already protects you. This update provides additional defense-in-depth.
    • If you have custom code or integrations that directly call validateRequest() on TFA plugins, this update adds flood protection. You need to update to this version (1.0.1) unless your custom codes have already implemented similar protection in place.
    • If you are not using TFA web services in any way, this update is a precautionary measure rather than an urgent fix.
Created by: mingsong
Created on: 13 Jan 2026 at 01:56 UTC
Last updated: 13 Jan 2026 at 01:57 UTC
Git tag 1.0.1

Other releases