News
django-allauth 64.1.0 released
Posted by Raymond Penners on 2024-08-15
Noteworthy changes
Headless: When trying to log in while a user is already logged in, you now get a 409.
Limited the maximum allowed time for a login to go through the various login stages. This limits, for example, the time span that the 2FA stage remains available.
django-allauth 64.0.0 released
Posted by Raymond Penners on 2024-07-31
Noteworthy changes
The 0.x.y version numbers really did not do justice to the state of the project, and we are way past the point where a version 1.0 would be applicable. Additionally, 64 is a nice round number. Therefore, the version numbering is changed from 0.
django-allauth 0.63.6 released
Posted by Raymond Penners on 2024-07-12
Security notice
When the Facebook provider was configured to use the js_sdk method, the login page could become vulnerable to an XSS attack.
django-allauth 0.63.5 released
Posted by Raymond Penners on 2024-07-11
Fixes
The security fix in 0.63.4 that altered the __str__() of SocialToken caused issues within the Amazon Cognito, Atlassian, JupyterHub, LemonLDAP, Nextcloud and OpenID Connect providers. Fixed.
django-allauth 0.63.4 released
Posted by Raymond Penners on 2024-07-10
Security notice
The __str__() method of the SocialToken model returned the access token. As a consequence, logging or otherwise printing tokens would expose the access token. Now, the method no longer returns the token. If you want to log/print tokens, you will now have to explicitly log the token field of the SocialToken instance.