diff options
| author | Nick Zaccardi <nicholas.zaccardi@gmail.com> | 2017-05-27 16:27:13 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2017-05-29 09:22:22 -0400 |
| commit | 95993a89ce6ca5f5e26b1c22b65c57dcb8c005e9 (patch) | |
| tree | c3fec8384bf4571661bb5d1a84fceeddb4c5c076 /docs | |
| parent | 8c45b5b903e1ee4611577b98d43074b6f26089ef (diff) | |
Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/2.0.txt | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/releases/2.0.txt b/docs/releases/2.0.txt index e4b7110560..39df2d891d 100644 --- a/docs/releases/2.0.txt +++ b/docs/releases/2.0.txt @@ -355,6 +355,12 @@ Miscellaneous connection, those queries could be included as part of the ``assertNumQueries()`` count. +* The ``PASSWORD_RESET_TIMEOUT_DAYS`` setting is more properly respected in + ``contrib.auth`` password reset. Previously, resets were allowed for one day + longer than expected. For example, with the default of + ``PASSWORD_RESET_TIMEOUT_DAYS = 3``, password reset tokens are now valid for + 72 hours rather than 96 hours. + .. _deprecated-features-2.0: Features deprecated in 2.0 |
