News
django-allauth 0.36.0 released
Posted by Raymond Penners on 2018-05-08
Note worthy changes New providers: Telegram, QuickBooks. The Facebook API version now defaults to v2.12. ORCID upgraded to use API v2.1. Security notice In previous versions, the authentication backend did not invoke the user_can_authenticate() method, potentially allowing users with is_active=False to authenticate when the allauth authentication backend was used in a non allauth context.
Read moredjango-allauth 0.35.0 released
Posted by Raymond Penners on 2018-02-02
Note worthy changes Add support for Django 2.0 Security notice As an extra security measure on top of what the standard Django password reset token generator is already facilitating, allauth now adds the user email address to the hash such that whenever the user's email address changes the token is invalidated.
Read moredjango-allauth 0.34.0 released
Posted by Raymond Penners on 2017-10-29
Security notice The "Set Password" view did not properly check whether or not the user already had a usable password set. This allowed an attacker to set the password without providing the current password, but only in case the attacker already gained control over the victim's session.
Read moredjango-allauth 0.33.0 released
Posted by Raymond Penners on 2017-08-20
Note worthy changes Security: password reset tokens are now prevented from being leaked through the password reset URL. New providers: Patreon, Authentiq, Dataporten. Dropbox has been upgraded to API V2. New translation: Norwegian. Backwards incompatible changes Dropped support for Django 1.
Read moredjango-allauth 0.32.0 released
Posted by Raymond Penners on 2017-04-27
Note worthy changes Improved AJAX support: the account management views (change/set password, manage email addresses and social connections) now support AJAX GET requests. These views hand over all the required data for you to build your frontend application upon. New providers: Dwolla, Trello.
Read more