News
django-allauth 0.48.0 released
Posted by Raymond Penners on 2022-02-03
Note worthy changes New translations: Catalan, Bulgarian. Introduced a new setting ACCOUNT_PREVENT_ENUMERATION that controls whether or not information is revealed about whether or not a user account exists. Warning: this is a work in progress, password reset is covered, yet, signing up is not.
Read moredjango-allauth 0.47.0 released
Posted by Raymond Penners on 2021-12-09
Note worthy changes New providers: Gumroad. Backwards incompatible changes Added a new setting SOCIALACCOUNT_LOGIN_ON_GET that controls whether or not the endpoints for initiating a social login (for example, "/accounts/google/login/") require a POST request to initiate the handshake. As requiring a POST is more secure, the default of this new setting is False.
Read moredjango-allauth 0.46.0 released
Posted by Raymond Penners on 2021-11-15
Note worthy changes New providers: Gitea, MediaWiki. New translations: Georgian, Mongolian. Django 3.2 compatibility.
django-allauth 0.45.0 released
Posted by Raymond Penners on 2021-07-11
Note worthy changes New providers: Feishu, NetIQ, Frontier, CILogin.
django-allauth 0.44.0 released
Posted by Raymond Penners on 2020-11-25
Security notice In previous versions, the mechanism to prevent too many failed login attempts (ACCOUNT_LOGIN_ATTEMPTS_LIMIT) could be bypassed by changing the casing of the login. Backwards incompatible changes The certificate key part of the SOCIALACCOUNT_PROVIDERS configuration has been renamed to certificate_key.
Read more