Ready for 5.5.0 #1012

Merged
merged 1 commit into from
Jul 23, 2024
18 changes: 15 additions & 3 deletions .github/dependabot.yml
@@ -1,6 +1,18 @@
version: 2
updates:
- package-ecosystem: "pip"
directory: "/requirements/"
- package-ecosystem: github-actions
directory: /
schedule:
interval: "daily"
interval: weekly
groups:
github-actions:
patterns:
- '*'
- package-ecosystem: pip
directory: /requirements/
schedule:
interval: weekly
groups:
python-requirements:
patterns:
- '*'
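Review bot: In both new `groups` blocks the catch-all `patterns: - '*'` puts every github-actions bump into one pull request and every pip bump into another, and combined with the move from `interval: "daily"` to `interval: weekly` a routine fix release of a single requirement can wait up to a week and then arrive bundled with unrelated upgrades. If one package in the batch breaks CI, the rest of the group is held back with it. Consider narrower groups (for example using `exclude-patterns` to keep authentication and crypto related requirements out of the catch-all) and add a short comment in the file explaining why weekly grouping was chosen.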
10 changes: 5 additions & 5 deletions CHANGES.rst
Expand Up @@ -6,18 +6,18 @@ Here you can see the full list of changes between each Flask-Security release.
Version 5.5.0
-------------

Released TBD
Released July 23, 2024

Features & Improvements
+++++++++++++++++++++++
- (:issue:`956`) Add support for changing registered user's email (:py:data:`SECURITY_CHANGE_EMAIL`).
- (:issue:`944`) Change default password hash to argon2 (was bcrypt). See below for details.
- (:pr:`990`) Add freshness capability to auth tokens (enables /us-setup to function w/ just auth tokens).
- (:pr:`991`) Add support /tf-setup to not require sessions (use a state token).
- (:pr:`991`) Add support to /tf-setup to not require sessions (use a state token).
- (:issue:`994`) Add support for Flask-SQLAlchemy-Lite - including new all-inclusive models
that conform to sqlalchemy latest best-practice (type-annotated).
- (:pr:`1007`) Convert other sqlalchemy-based datastores from legacy 'model.query' to best-practice 'select'
- (:issue:`983`) Allow applications more flexibility defining redirects.
- (:issue:`983`) Allow applications more flexibility defining allowable redirects.

Fixes
+++++
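Review bot: The reworded :issue:`983` entry, "Allow applications more flexibility defining allowable redirects", still does not name the configuration option or hook that controls this, whereas the :issue:`956` entry above it links its setting with :py:data:. Redirect validation is the control that keeps a redirect target from becoming an open redirect, so readers who are upgrading will want to find it quickly. Suggest adding the :py:data: reference or a pointer to the relevant documentation section.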
Expand Down Expand Up @@ -61,7 +61,7 @@ Fixes
- (:issue:`954`) CSRF not properly ignored for application forms using :py:data:`SECURITY_CSRF_PROTECT_MECHANISMS`.
- (:pr:`957`) Improve jp translations (e-goto)
- (:issue:`959`) Regression - datetime_factory should still be an attribute (thanks TimotheeJeannin)
- (:issue:`942`) :py:data:`SECURITY_RETURN_GENERIC_RESPONSES` hide email validation/syntax errors.
- (:issue:`942`) :py:data:`SECURITY_RETURN_GENERIC_RESPONSES` hid email validation/syntax errors.

Version 5.4.2
-------------
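Review bot: On the :issue:`942` line, changing "hide" to "hid" fixes the tense, but the entry still states only the old behaviour and does not say what :py:data:`SECURITY_RETURN_GENERIC_RESPONSES` does with email validation/syntax errors after the fix. Since that setting governs what a response reveals, spell out the new behaviour, for example whether syntax errors are now returned to the caller when generic responses are enabled.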
Expand Down Expand Up @@ -158,7 +158,7 @@ Backwards Compatibility Concerns
- Flask-Login's FORCE_HOST_FOR_REDIRECTS configuration isn't honored
- Flask-Login's USE_SESSION_FOR_NEXT configuration isn't honored
- The flashed message is SECURITY_MSG_UNAUTHENTICATED rather than SECURITY_MSG_LOGIN.
Furthermore SECURITY_MSG_UNAUTHENTICATED was reworded to read better.
Furthermore, SECURITY_MSG_UNAUTHENTICATED was reworded to read better.
- Flask-Login uses `urlencode` to encode the `next` query param - which quotes the '/' character.
Werkzeug (which Flask-Security uses to build the URL) uses `quote`
which considers '/' a safe character and isn't encoded.