| Age | Commit message (Expand) | Author |
| 2010-12-23 | Fix a security issue in the auth system. Disclosure and new release forthcoming. | Alex Gaynor |
| 2010-12-04 | [1.2.X] Fixed #14795 -- Ensure that get_all_permissions() returns the right r... | Russell Keith-Magee |
| 2010-12-04 | [1.2.X] Fixed #13190 -- Improved error handling for the case where no authent... | Russell Keith-Magee |
| 2010-11-04 | [1.2.X] Fixed #14612 - Password reset page leaks valid user ids publicly. | Luke Plant |
| 2010-11-04 | [1.2.X] Fixed a test setup and isolation bug that was causing PasswordResetTe... | Luke Plant |
| 2010-10-31 | [1.2.X] Fixed the auth tests so they work when the AUTHENTICATION_BACKENDS se... | Alex Gaynor |
| 2010-10-10 | [1.2.X] Converted contrib/auth/tokens doctests to unittests. We've always sa... | Luke Plant |
| 2010-10-09 | [1.2.X] Fixed #14354 -- Normalized the handling of empty/null passwords in co... | Russell Keith-Magee |
| 2010-10-08 | Backport of r14003 from trunk. | Russell Keith-Magee |
| 2010-10-05 | [1.2.X] Fixed #14386, #8960, #10235, #10909, #10608, #13845, #14377 - standar... | Luke Plant |
| 2010-09-09 | [1.2.X] Fixed #14242 - UserChangeForm subclasses without 'user_permissions' f... | Luke Plant |
| 2010-09-09 | [1.2.X] Converted tests for contrib.auth.forms to unit tests. | Luke Plant |
| 2010-05-21 | Fixed #13569 -- Fixed createsuperuser management command to work with the new... | Jannis Leidel |
| 2010-04-09 | Fixed #13304 -- Updated auth decorators so they can be used with callable cla... | Russell Keith-Magee |
| 2010-03-15 | Fixed #13108 -- Corrected an ambiguity in test data with the potential to cau... | Russell Keith-Magee |
| 2010-03-01 | Fixed #5605: only lowercase the domain portion of an email address in `UserMa... | Jacob Kaplan-Moss |
| 2010-03-01 | Fixed #11457: tightened the security check for "next" redirects after logins. | Jacob Kaplan-Moss |
| 2010-03-01 | Fixed #5786: relaxed the validation for usernames to allow more common charac... | Jacob Kaplan-Moss |
| 2010-02-23 | Fixed #12776 -- `User.get_profile` now raises `SiteProfileNotAvailable` inste... | Justin Bronn |
| 2010-02-13 | Fixed #10976 -- Isolated contrib.auth tests so they will always pass, regardl... | Russell Keith-Magee |
| 2010-01-28 | Fixed #12557 - AnonymousUser should check auth backends for permissions | Luke Plant |
| 2010-01-10 | Fixed #8049 -- Fixed inconsistency in admin site is_active checks. Thanks for... | Adrian Holovaty |
| 2009-12-30 | Fixed #12462 - Fixed edge case with auth backends that don't support object p... | Jannis Leidel |
| 2009-12-10 | Fixed #11010 - Add a foundation for object permissions to authentication back... | Jannis Leidel |
| 2009-10-14 | Fixed #6552, #12031 - Make django.core.context_processors.auth lazy to avoid ... | Luke Plant |
| 2009-09-10 | Removed unnecessary keys in django.contrib.auth.test.__test__ | Luke Plant |
| 2009-05-04 | Fixed #10521 -- Modified the Remote User tests so that it isn't dependent on ... | Russell Keith-Magee |
| 2009-04-19 | Fixed #8752 -- Fixed django.contrib.auth tests to be locale-independent. | Malcolm Tredinnick |
| 2009-04-10 | Fixed #10747: fixed the auth tests to ignore broken user-supplied login/logou... | Jacob Kaplan-Moss |
| 2009-04-05 | Fixed a sloppy test auth test. [10400] revealed that the auth test was relyin... | Jacob Kaplan-Moss |
| 2009-04-01 | Fixed #10265: fixed a bug when generating a password reset token for a user c... | Jacob Kaplan-Moss |
| 2009-04-01 | Fixed #10460: the logout view can now redirect like the rest of the auth view... | Jacob Kaplan-Moss |
| 2009-04-01 | Fixed #9881: Added the to the login view context, not just the site's name. ... | Jacob Kaplan-Moss |
| 2009-03-31 | Fixed #10553 -- Corrected several uses of `URLconf` in documentation and comm... | Gary Wilson Jr |
| 2009-03-30 | Fixed #8140 -- Made `UserManager.create_superuser` return the new `User` obje... | Gary Wilson Jr |
| 2009-03-15 | Fixed #689 -- Added a middleware and authentication backend to contrib.auth f... | Gary Wilson Jr |
| 2009-02-26 | Fixed #10017 - PasswordResetForm.clean_email was not returning the value. | Luke Plant |
| 2008-11-06 | Fixed #6160, #9111 -- Consistently apply conditional_escape to form errors an... | Karen Tracey |
| 2008-08-27 | Fixed #8552 -- Use the LOGIN_REDIRECT_URL setting in the auth tests, rather t... | Malcolm Tredinnick |
| 2008-08-25 | Fixed #8379: the admin user change form now properly validates the username. ... | Jacob Kaplan-Moss |
| 2008-08-25 | Fixed #7833: the user creation form now works when password1 isn't set. | Jacob Kaplan-Moss |
| 2008-08-23 | Tests for password change process. Thanks, Mike Richardson. Fixed #8402. | Malcolm Tredinnick |
| 2008-07-31 | Fixed #7723 - implemented a secure password reset form that uses a token and ... | Luke Plant |
| 2008-07-18 | Merged the newforms-admin branch into trunk. | Brian Rosner |