django.git/tests/auth_tests/test_forms.py, branch 5.0.10django
http://cgit.adnoto.dev/django.git/atom?h=5.0.102024-09-03T12:33:01Z[5.0.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.2024-09-03T12:33:01ZNatalia124304+nessita@users.noreply.github.com2024-08-19T17:47:38Zurn:sha1:96d84047715ea1715b4bd1594e46122b8a77b9e2
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.
Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
[5.0.x] Applied Black's 2024 stable style.2024-01-26T11:55:56ZMariusz Felisiakfelisiak.mariusz@gmail.com2024-01-26T11:45:07Zurn:sha1:0379e7532fdf3212b1fe22a58826109c23009be3
https://github.com/psf/black/releases/tag/24.1.0
Backport of 305757aec19c9d5111e4d76095ae0acd66163e4b from main
[5.0.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.2023-11-01T05:18:00ZMariusz Felisiakfelisiak.mariusz@gmail.com2023-10-17T09:48:32Zurn:sha1:bb71d34551207b2472c493655d0d7f3b2975d686
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Fixed #34438 -- Reallowed extending UserCreationForm.2023-03-28T09:33:20ZGary Jarrelgary@jarrel.com.au2023-03-27T12:26:06Zurn:sha1:fcc7dc5781667932bf0bf8bec76df458836e5e95
Regression in 298d02a77a69321af8c0023df3250663e9d1362d.
Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.2022-12-29T08:42:22ZPaul Schillingmail@paulschilling.de2022-09-24T14:26:14Zurn:sha1:298d02a77a69321af8c0023df3250663e9d1362d
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
Fixed #34187 -- Made UserCreationForm save many-to-many fields.2022-11-29T04:56:53Zsdolemeliponemark.gensler@protonmail.com2022-11-27T19:49:02Zurn:sha1:9d726c7902979d4ad53945ed8f1037266a88010dFixed #34066 -- Fixed link to password reset view in UserChangeForm.password's help text when using to_field.2022-10-27T07:23:34ZSimon Kerns.kern@s2k.digital2022-09-30T08:50:28Zurn:sha1:de2c2127b66e77a034c01c81753c5c08e651a5b4
Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com>
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Completed test coverage for contrib.auth.forms.2022-10-26T10:52:18ZMarcelo Galignianamarcelogaligniana@gmail.com2022-10-23T11:42:40Zurn:sha1:b440493eaad28f093278a7a6981386dd5a989a74Fixed ReadOnlyPasswordHashWidget's template for RTL languages.2022-09-01T19:20:15ZShai Bergershai@platonix.com2022-08-31T21:39:08Zurn:sha1:fdf0f625216cc5a70d28a3ac9a41f41935f1827cRefs #33476 -- Refactored code to strictly match 88 characters line length.2022-02-07T19:37:05ZMariusz Felisiakfelisiak.mariusz@gmail.com2022-02-04T07:08:27Zurn:sha1:7119f40c9881666b6f9b5cf7df09ee1d21cc8344