News In 2018
django-allauth 0.38.0 released
Posted by Raymond Penners on 2018-10-03
Security notice The {% user_display user %} tag did not escape properly. Depending on the username validation rules, this could lead to XSS issues. Note worthy changes New provider: Vimeo (OAuth2). New translations: Basque.
django-allauth 0.37.1 released
Posted by Raymond Penners on 2018-08-27
Backwards incompatible changes Dropped the x-li-src: msdk headers from the linkedin_oauth2 handshake. This header is only required for mobile tokens, and breaks the regular flow. Use the HEADERS setting to add this header if you need it.
django-allauth 0.37.0 released
Posted by Raymond Penners on 2018-08-27
Note worthy changes The Battle.net login backend now recognizes apac as a valid region. User model using a UUIDField as it's primary key can now be logged in upon email confirmation (if using ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION). New providers: Agave, Cern, Disqus, Globus.
Read moredjango-allauth 0.36.0 released
Posted by Raymond Penners on 2018-05-08
Note worthy changes New providers: Telegram, QuickBooks. The Facebook API version now defaults to v2.12. ORCID upgraded to use API v2.1. Security notice In previous versions, the authentication backend did not invoke the user_can_authenticate() method, potentially allowing users with is_active=False to authenticate when the allauth authentication backend was used in a non allauth context.
Read moredjango-allauth 0.35.0 released
Posted by Raymond Penners on 2018-02-02
Note worthy changes Add support for Django 2.0 Security notice As an extra security measure on top of what the standard Django password reset token generator is already facilitating, allauth now adds the user email address to the hash such that whenever the user's email address changes the token is invalidated.
Read more