django-allauth 65.14.1 released

Posted by Raymond Penners on 2026-02-07

Fixes

When using ACCOUNT_CHANGE_EMAIL = True, if the user initiating the change email process had no verified email address, user.email would still reflect the old email address while the verification process was pending.

Security notice

SAML: When IdP initiated SSO was enabled (it is by default disabled), any URL found in the SAML RelayState parameter would be used to redirect to, potentially redirecting the authenticated user to a wrong site. Thanks to Ayato Shitomi and Funabiki Keisuke for reporting.

Next: django-allauth 65.14.2 released Previous: django-allauth 65.14.0 released

Archives

2025 16
2024 27
2023 13
2022 5
2021 3
2020 3
2019 4
2018 5
2017 5
2016 8
2015 8
2014 4
2013 11
2012 9