News In 2016
django-allauth 0.29.0 released
Posted by Raymond Penners on 2016-11-21
Noteworthy changes Addressed Django 1.10 deprecation warnings.
django-allauth 0.28.0 released
Posted by Raymond Penners on 2016-10-13
Security notice Previous versions contained a vulnerability allowing an attacker to alter the provider specific settings for SCOPE and/or AUTH_PARAMS (part of the larger SOCIALACCOUNT_PROVIDERS setting). The changes would persist across subsequent requests for all users, provided these settings were explicitly set within your project.
Read moredjango-allauth 0.27.0 released
Posted by Raymond Penners on 2016-08-18
Noteworthy changes Django 1.10 compatibility. The Twitter and GitHub providers now support querying of the email address. Backwards incompatible changes When ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE was turned on, the email field key changed from email to email1, which could introduce subtle bugs. This has now been changed: there always is an email field, and optionally an email2 field.
Read moredjango-allauth 0.26.1 released
Posted by Raymond Penners on 2016-07-25
Noteworthy changes Locale files wrongly packaged, fixed. Fixed bug (KeyError) when ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE was set to True.
django-allauth 0.26.0 released
Posted by Raymond Penners on 2016-07-24
Noteworthy changes New providers: Weixin, Battle.net, Asana, Eve Online, 23andMe, Slack Django's password validation mechanism (see AUTH_PASSWORD_VALIDATORS) is now used to validate passwords. By default, email confirmations are no longer stored in the database. Instead, the email confirmation mail contains an HMAC based key identifying the email address to confirm.
Read more