Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update django-allauth to 64.1.0 #5302

Merged
merged 1 commit into from
Aug 16, 2024
Merged

Update django-allauth to 64.1.0 #5302

merged 1 commit into from
Aug 16, 2024

Conversation

pyup-bot
Copy link
Collaborator

This PR updates django-allauth[mfa] from 64.0.0 to 64.1.0.

Changelog

64.1.0

*******************

Note worthy changes
-------------------

- Headless: When trying to login while a user is already logged in, you now get
a 409.

- Limited the maximum allowed time for a login to go through the various login
stages. This limits, for example, the time span that the 2FA stage remains
available. See ``settings.ACCOUNT_LOGIN_TIMEOUT``.


Security notice
---------------

- Headless: When a user was not fully logged in, for example, because (s)he was
in the process of completing the 2FA process, calling logout would not wipe
the session containing the partially logged in user.
Links

@browniebroke browniebroke merged commit 47e6390 into master Aug 16, 2024
14 of 15 checks passed
@browniebroke browniebroke deleted the pyup-update-django-allauth-64.0.0-to-64.1.0 branch August 16, 2024 08:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pyup-bot @browniebroke