Security update for v2.3.0

This update fixes two low-impact security-related bugs in uffd.

1) TOTP code reuse: Uffd supports Time-based one-time password (TOTP) as a 2FA
method. In addition to being short-lived (the "time-based" part), TOTP codes
are supposed to be single-use (the "one-time" part), which makes them more
resistant to phishing and eavesdropping: a code that was captured or phished
is worthless once the legitimate user has spent it. Until this release, however,
uffd accepted the same code multiple times during its validity period.
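The following is an added example of how a TOTP verifier enforces the "one-time" property; it is not uffd's own code. It implements RFC 4226/6238 HOTP/TOTP with HMAC-SHA1 and records the highest time step that has already been accepted per user, so a replayed code (or any code from an earlier step) is rejected even while it is still within the validity window. The names `TotpMethod`, `last_used_step`, and the 30-second step and one-step skew window are assumptions made for this example; the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass
from typing import Optional

STEP_SECONDS = 30   # assumed time step (the RFC 6238 default)
DIGITS = 6          # assumed code length
WINDOW = 1          # assumed skew tolerance: one step before and after "now"

# RFC 6238 Appendix B test key for HMAC-SHA1 (a published test vector, not a real secret)
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step)


@dataclass
class TotpMethod:
    """One enrolled TOTP authenticator. `last_used_step` is the replay guard and must be
    persisted alongside the secret (in a real deployment: a database column, not memory)."""
    secret: bytes
    last_used_step: int = -1  # highest time step for which a code was already accepted

    def verify(self, code: str, at: Optional[int] = None) -> bool:
        if at is None:
            at = int(time.time())
        if not (code.isdigit() and len(code) == DIGITS):
            return False
        current = at // STEP_SECONDS
        candidates = range(current - WINDOW, current + WINDOW + 1)
        # Constant-time comparison against every step in the skew window.
        matched = next(
            (c for c in candidates
             if hmac.compare_digest(hotp(self.secret, c).encode(), code.encode())),
            None,
        )
        if matched is None:
            return False
        # Single-use enforcement: a step at or below the last accepted one is a replay.
        # This is the check that was missing when the same code could be used repeatedly.
        if matched <= self.last_used_step:
            return False
        self.last_used_step = matched
        return True


if __name__ == "__main__":
    method = TotpMethod(secret=RFC_TEST_SECRET)
    first = totp(RFC_TEST_SECRET, 59)          # "287082" per RFC 6238 (94287082 truncated to 6 digits)
    print("first use:", method.verify(first, at=59))    # True
    print("replay   :", method.verify(first, at=65))    # False: same code, still within the window
    print("next step:", method.verify(totp(RFC_TEST_SECRET, 90), at=90))  # True
```

Rejecting every step at or below the last accepted one also refuses a code from the previous step after a newer one was used, which is the standard trade-off: RFC 6238 section 5.2 requires the verifier not to accept a second attempt of an OTP after successful validation, and a monotonic high-water mark is the simplest way to get that without storing every spent code. The check must be atomic with the update of `last_used_step` (a row lock or compare-and-set in the database), otherwise two concurrent requests carrying the same code can both pass.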

2) Broken OAuth2 authorization code invalidation: When a user authenticates
with an SSO-connected application, a secret is transported in a URL query
parameter when the user is redirected back from the SSO to the application. The
application then exchanges this secret, the authorization code, to establish the
user's identity. Anyone in possession of a valid authorization code can use it
to impersonate the user it was issued for at the application it was issued for.

Authorization codes are supposed to be single-use. Due to a bug introduced in
v1.1.0, however, authorization codes were not invalidated on use and remained
valid until they expired. Thanks to the short lifetime of authorization codes,
the security impact of this issue is relatively low, unless an attacker has
live access to web server or application logs, which usually include URL query
parameters and therefore the code itself.
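As an added example that is not uffd's code, the following authorization code store shows the behaviour the fix restores: a code is bound to the client and redirect URI it was issued for, expires after a short lifetime, is consumed on its first successful exchange, and any later exchange of the same code (the log-reading attacker's scenario above) is refused and recorded so the issuer can revoke whatever was granted from the first exchange, as RFC 6749 section 4.1.2 recommends. The class and method names, the 60-second lifetime and the sample client and user identifiers are assumptions made for this example.

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional

CODE_LIFETIME_SECONDS = 60  # assumed lifetime; real deployments use a few minutes at most


@dataclass
class AuthorizationCode:
    client_id: str
    user_id: str
    redirect_uri: str
    issued_at: float
    consumed: bool = False


@dataclass
class AuthorizationCodeStore:
    """Issues and redeems authorization codes. Entries are kept after consumption
    (until they age out) so that a replay can be told apart from an unknown code."""
    _codes: Dict[str, AuthorizationCode] = field(default_factory=dict)
    replays: List[str] = field(default_factory=list)  # codes seen more than once

    def issue(self, client_id: str, user_id: str, redirect_uri: str,
              now: Optional[float] = None) -> str:
        """Called by the authorization endpoint before redirecting the browser
        to redirect_uri?code=<code>. The code is unguessable (256 bits)."""
        code = secrets.token_urlsafe(32)
        self._codes[code] = AuthorizationCode(
            client_id, user_id, redirect_uri, time.time() if now is None else now)
        return code

    def redeem(self, code: str, client_id: str, redirect_uri: str,
               now: Optional[float] = None) -> Optional[str]:
        """Called by the token endpoint. Returns the user id exactly once per code,
        None for an unknown, expired, mismatched or already-used code."""
        now = time.time() if now is None else now
        entry = self._codes.get(code)
        if entry is None:
            return None
        if entry.consumed:
            # The bug this advisory describes was the absence of this branch:
            # a second exchange of a code must fail, and the issuer should revoke
            # tokens from the first exchange because the code has leaked.
            self.replays.append(code)
            return None
        if now - entry.issued_at > CODE_LIFETIME_SECONDS:
            self._codes.pop(code, None)
            return None
        # The code is only valid for the client and redirect URI it was issued to.
        if entry.client_id != client_id or entry.redirect_uri != redirect_uri:
            return None
        entry.consumed = True  # invalidate on use: this is the single-use property
        return entry.user_id

    def purge_expired(self, now: Optional[float] = None) -> int:
        """Drop entries (consumed or not) older than the lifetime; returns how many were removed."""
        now = time.time() if now is None else now
        stale = [c for c, e in self._codes.items() if now - e.issued_at > CODE_LIFETIME_SECONDS]
        for c in stale:
            del self._codes[c]
        return len(stale)


if __name__ == "__main__":
    # Constructed scenario: the application redeems the code, then an attacker who
    # read the same code from the web server access log tries to redeem it again.
    store = AuthorizationCodeStore()
    callback = "https://app.example/oauth/callback"
    code = store.issue("app", "alice", callback, now=1000.0)
    print("legitimate exchange:", store.redeem(code, "app", callback, now=1001.0))  # alice
    print("replay from log    :", store.redeem(code, "app", callback, now=1005.0))  # None
    print("replays recorded   :", store.replays == [code])                         # True
```

Keeping the consumed entry around until it ages out is what makes the replay observable; if you delete on use instead, a replayed code is indistinguishable from a typo and you lose the signal that should trigger revocation. As with the TOTP check, the `consumed` flag must be set in the same transaction that reads it, or two concurrent token requests can both succeed. PKCE (RFC 7636) additionally binds the code to the client that started the flow and is worth enabling for every client that supports it, but it does not replace invalidation on use.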