1.6.0

@nezhar nezhar released this 29 Jun 18:46
a612586

What's Changed

  • Added locales with Spanish translations by @jorgecorrea in #128
  • Add throttling to password reset by @nezhar in #200
  • Update supported Python, Django and DRF support versions by @nezhar in #206
  • Remove test files from package distribution by @nezhar in #209
  • Change DJANGO_REST_PASSWORDRESET_NO_INFORMATION_LEAKAGE default from False to True by @nezhar in #210
  • Respect DRF throttles on reset validate/confirm endpoints by @nezhar in #211
  • Document expired token cleanup and index created_at by @nezhar in #212
  • Add security warning for RandomNumberTokenGenerator by @nezhar in #213
  • Harden reset token failure responses by @nezhar in #214
  • Add DRF 3.17 support by @nezhar in #215

Acknowledgements

Thanks to noobak and co-researcher for the coordinated security report that prompted the password-reset hardening in
this release (user-enumeration default, throttle handling on validate/confirm, and token-failure response hardening).

New Contributors

Full Changelog: 1.5.0...1.6.0