News
django-allauth 64.2.1 released
Posted by Raymond Penners on 2024-09-05
Fixes Verifying the email address by clicking on the link would no longer log you in, even in case of ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION = True. Security notice It was already the case that you could not enable TOTP 2FA if your account had unverified email addresses.
Read moredjango-allauth 64.2.0 released
Posted by Raymond Penners on 2024-08-30
Note worthy changes Verifying email addresses by means of a code (instead of a link) is now supported. See settings.ACCOUNT_EMAIL_VERIFICATION_BY_CODE_ENABLED. Added support for requiring logging in by code, so that every user logging in is required to input a login confirmation code sent by email.
Read moredjango-allauth 64.1.0 released
Posted by Raymond Penners on 2024-08-15
Note worthy changes Headless: When trying to login while a user is already logged in, you now get a 409. Limited the maximum allowed time for a login to go through the various login stages. This limits, for example, the time span that the 2FA stage remains available.
Read moredjango-allauth 64.0.0 released
Posted by Raymond Penners on 2024-07-31
Note worthy changes The 0.x.y version numbers really did not do justice to the state of the project, and we are way past the point where a version 1.0 would be applicable. Additionally, 64 is a nice round number. Therefore, the version numbering is changed from 0.
Read moredjango-allauth 0.63.6 released
Posted by Raymond Penners on 2024-07-12
Security notice When the Facebook provider was configured to use the js_sdk method the login page could become vulnerable to an XSS attack.