django-allauth 0.34.0 released

Posted by Raymond Penners on 2017-10-29

Security notice

The "Set Password" view did not properly check whether or not the user already had a usable password set. This allowed an attacker to set the password without providing the current password, but only in case the attacker already gained control over the victim's session.

Note worthy changes

New provider: Meetup.

Next: django-allauth 0.35.0 released Previous: django-allauth 0.33.0 released

Archives

2024 25
2023 13
2022 5
2021 3
2020 3
2019 4
2018 5
2017 5
2016 8
2015 8
2014 4
2013 11
2012 9