News

django-allauth 64.0.0 released

Posted by Raymond Penners on 2024-07-31

Noteworthy changes: The 0.x.y version numbers really did not do justice to the state of the project, and we are way past the point where a version 1.0 would be applicable. Additionally, 64 is a nice round number. Therefore, the version numbering is changed from 0.


django-allauth 0.63.6 released

Posted by Raymond Penners on 2024-07-12

Security notice: When the Facebook provider was configured to use the js_sdk method, the login page could become vulnerable to an XSS attack.


django-allauth 0.63.5 released

Posted by Raymond Penners on 2024-07-11

Fixes: The security fix in 0.63.4 that altered the __str__() of SocialToken caused issues within the Amazon Cognito, Atlassian, JupyterHub, LemonLDAP, Nextcloud and OpenID Connect providers. Fixed.


django-allauth 0.63.4 released

Posted by Raymond Penners on 2024-07-10

Security notice: The __str__() method of the SocialToken model returned the access token. As a consequence, logging or otherwise printing tokens would expose the access token. Now, the method no longer returns the token. If you want to log/print tokens, you will now have to explicitly log the token field of the SocialToken instance.


django-allauth 0.63.3 released

Posted by Raymond Penners on 2024-05-31

Noteworthy changes:
- In HEADLESS_ONLY mode, the /accounts/<provider>/login/ URLs were still available, fixed.
- The few remaining OAuth 1.0 providers were not compatible with headless mode, fixed.
- Depending on where you placed the secure_admin_login(admin.site.login) protection, you could run into circular import errors, fixed.

