News

django-allauth 64.1.0 released

Posted by Raymond Penners on 2024-08-15

Note worthy changes Headless: When trying to login while a user is already logged in, you now get a 409. Limited the maximum allowed time for a login to go through the various login stages. This limits, for example, the time span that the 2FA stage remains available.

Read more

django-allauth 64.0.0 released

Posted by Raymond Penners on 2024-07-31

Note worthy changes The 0.x.y version numbers really did not do justice to the state of the project, and we are way past the point where a version 1.0 would be applicable. Additionally, 64 is a nice round number. Therefore, the version numbering is changed from 0.

Read more

django-allauth 0.63.6 released

Posted by Raymond Penners on 2024-07-12

Security notice When the Facebook provider was configured to use the js_sdk method the login page could become vulnerable to an XSS attack.


django-allauth 0.63.5 released

Posted by Raymond Penners on 2024-07-11

Fixes The security fix in 0.63.4 that altered the __str__() of SocialToken caused issues within the Amazon Cognito, Atlassian, JupyterHub, LemonLDAP, Nextcloud and OpenID Connect providers. Fixed.


django-allauth 0.63.4 released

Posted by Raymond Penners on 2024-07-10

Security notice The __str__() method of the SocialToken model returned the access token. As a consequence, logging or printing tokens otherwise would expose the access token. Now, the method no longer returns the token. If you want to log/print tokens, you will now have to explicitly log the token field of the SocialToken instance.

Read more

Page 2 of 21

Archives