| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-05-05 | [4.2.x] Migrated setuptools configuration to pyproject.toml. | Claude Paroz | |
| This branch migrates setuptools configuration from setup.py/setup.cfg to pyproject.toml. In order to ensure that the generated binary files have consistent casing (both the tarball and the wheel), setuptools version is limited to ">=61.0.0,<69.3.0". Configuration for flake8 was moved to a dedicated .flake8 file since it cannot be configured via pyproject.toml. Also, __pycache__ exclusion was removed from MANIFEST and the extras/Makefile was replaced with a simpler build command. Co-authored-by: Nick Pope <nick@nickpope.me.uk> Backport of 4686541691dbe986f58ac87630c3b7a04db4ff93 from main. | |||
| 2024-09-03 | [4.2.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when ↵ | Natalia | |
| email sending fails. On successful submission of a password reset request, an email is sent to the accounts known to the system. If sending this email fails (due to email backend misconfiguration, service provider outage, network issues, etc.), an attacker might exploit this by detecting which password reset requests succeed and which ones generate a 500 error response. Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam Johnson, and Sarah Boyce for the reviews. | |||
| 2023-11-15 | [4.2.x] Fixed #34970 -- Clarified Password Validation docs regarding the ↵ | Markus Amalthea Magnuson | |
| password_changed callback. Backport of 61c305f298da1b4079a80721c861d0663dc8717e from main | |||
| 2023-04-17 | [4.2.x] Used extlinks for PyPI links. | Tim Graham | |
| Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Backport of 2c4dc6476083c853b654e462c7ff65dbe0334c9e from main | |||
| 2023-03-08 | [4.2.x] Fixed #34384 -- Fixed session validation when rotation secret keys. | David Wobrock | |
| Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7. Thanks Eric Zarowny for the report. Backport of 2396933ca99c6bfb53bda9e53968760316646e01 from main | |||
| 2023-03-01 | [4.2.x] Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. | django-bot | |
| 2023-02-28 | [4.2.x] Refs #34140 -- Corrected rst code-block and various formatting ↵ | Joseph Victor Zammit | |
| issues in docs. Backport of ba755ca13123d2691a0926ddb64e5d0a2906a880 from main | |||
| 2023-02-10 | [4.2.x] Refs #34140 -- Applied rst code-block to non-Python examples. | Carlton Gibson | |
| Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for reviews. Backport of 534ac4829764f317cf2fbc4a18354fcc998c1425 from main. | |||
| 2023-01-30 | [4.2.x] Fixed typo in docs/topics/auth/passwords.txt. | fschwebel | |
| Wrapped hashing is only possible if the inner wrapped function is the same as the previous hasher. Backport of 0265b1b49ba10f957abfd1311d0bae0ecefc3111 from main | |||
| 2022-12-29 | Fixed #25617 -- Added case-insensitive unique username validation in ↵ | Paul Schilling | |
| UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com> | |||
| 2022-11-29 | Fixed #34187 -- Made UserCreationForm save many-to-many fields. | sdolemelipone | |
| 2022-11-28 | Doc's check_password()'s setter and preferred arguments. | Mariusz Felisiak | |
| Follow up to 90e05aaeac612a4251640564aa65f103ac635e12. | |||
| 2022-11-14 | Fixed #34154 -- Made mixin headers consistent in auth docs. | Tony Lechner | |
| 2022-11-10 | Improved readability of string interpolation in frequently used examples in ↵ | Trey Hunner | |
| docs. | |||
| 2022-09-28 | Fixed #34056 -- Updated the list of common passwords for ↵ | Paolo Melchiorre | |
| CommonPasswordValidator. | |||
| 2022-09-17 | Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher. | Ritik Soni | |
| 2022-09-17 | Fixed #34019 -- Removed obsolete references to "model design considerations" ↵ | DevilsAutumn | |
| note. | |||
| 2022-08-30 | Refs #30947 -- Changed tuples to lists where appropriate. | Alex Morega | |
| 2022-07-23 | Refs #33691 -- Deprecated insecure password hashers. | Claude Paroz | |
| SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher are now deprecated. | |||
| 2022-06-03 | Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). | Ciaran McCormick | |
| 2022-05-31 | Fixed docs build with sphinxcontrib-spelling 7.5.0+. | Mariusz Felisiak | |
| sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set of nodes for which the text is checked. | |||
| 2022-05-17 | Removed versionadded/changed annotations for 4.0. | Carlton Gibson | |
| 2022-05-11 | Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. | Mariusz Felisiak | |
| 2022-04-28 | Removed hyphen from pre-/re- prefixes. | David | |
| "prepopulate", "preload", and "preprocessing" are already in the spelling_wordlist. This also removes hyphen from double "e" combinations with "pre" and "re", e.g. preexisting, preempt, reestablish, or reenter. See also: - https://ahdictionary.com/word/search.html?q=rerun - https://ahdictionary.com/word/search.html?q=recreate - https://ahdictionary.com/word/search.html?q=predetermined - https://ahdictionary.com/word/search.html?q=reuse - https://ahdictionary.com/word/search.html?q=reopening | |||
| 2022-04-01 | Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD ↵ | Lucidiot | |
| when using Meta.constraints. | |||
| 2022-03-29 | Fixed #15619 -- Deprecated log out via GET requests. | René Fleschenberg | |
| Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-02-01 | Fixed #30360 -- Added support for secret key rotation. | tschilling | |
| Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com> | |||
| 2022-01-17 | Fixed #33443 -- Clarified when PasswordResetView sends an email. | Brad Solomon | |
| 2022-01-13 | Clarified how contrib.auth picks a password hasher for verification. | Adam Johnson | |
| 2022-01-05 | Fixed malformed attribute directives in docs. | David | |
| 2022-01-04 | Fixed CVE-2021-45115 -- Prevented DoS vector in ↵ | Florian Apolloner | |
| UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2021-12-28 | Avoided counting attributes and methods in docs. | Mariusz Felisiak | |
| 2021-12-17 | Changed signatures of setting_changed signal receivers. | Adam Johnson | |
| 2021-12-13 | Improved wording in password validators docs and docstrings. | Adam Johnson | |
| 2021-10-19 | Refs #33207 -- Clarified that AUTH_USER_MODEL expects an app label. | Mariusz Felisiak | |
| 2021-09-20 | Removed versionadded/changed annotations for 3.2. | Mariusz Felisiak | |
| 2021-08-17 | Fixed #32964 -- Corrected 'setup'/'set up' usage in docs. | Andrew Northall | |
| 2021-07-29 | Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵ | David Smith | |
| appropriate. | |||
| 2021-07-22 | Fixed #32275 -- Added scrypt password hasher. | ryowright | |
| Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-05-20 | Clarified docs about increasing the work factor for bcrypt hasher. | yyyyyyyan | |
| 2021-05-17 | Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. | Nick Pope | |
| 2021-02-08 | Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. | ThinkChaos | |
| 2021-02-08 | Used .. attribute:: directive in authentication views docs. | Mariusz Felisiak | |
| 2021-01-14 | Removed versionadded/changed annotations for 3.1. | Mariusz Felisiak | |
| 2021-01-14 | Fixed #31358 -- Increased salt entropy of password hashers. | Jon Moroney | |
| Co-authored-by: Florian Apolloner <florian@apolloner.eu> | |||
| 2020-12-03 | Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default. | Timo Ludwig | |
| 2020-08-11 | Added note about password updates on argon2 attributes change. | Roy Zheng | |
| 2020-05-13 | Used :mimetype: role in various docs. | Nick Pope | |
| 2020-05-13 | Removed versionadded/changed annotations for 3.0. | Mariusz Felisiak | |
| 2020-04-29 | Refs #27468 -- Made user sessions use SHA-256 algorithm. | Mariusz Felisiak | |
