PyUp Safety actively tracks 263,329 Python packages for vulnerabilities and notifies you when to upgrade.
Added - It is possible to set a timeout between a user authenticiating in the `LoginView` and them needing to re-authenticate. By default this is 10 minutes. Removed - The final step in the `LoginView` no longer re-validates a user's credentials. - Django 1.11 support. Changed - Security Fix: `LoginView` no longer stores credentials in plaintext in the session store.
1.11.0 not secure
Added *Nothing has been added for this version* Removed - MiddlewareMixin - Python 3.4 support - Django 2.1 support - `mock` dependency Changed - `extra_requires` are now listed in lowercase. This is to workaround a bug in `pip`. - Use `trimmed` option on `blocktrans` to avoid garbage newlines in translations. - `random_hex` from `django_otp` 0.8.0 will always return a `str`, don't try to decode it.
1.10.0 not secure
Added - Support for Django 3.0. - Optionally install full or light phonenumbers library. Removed - Python 2 support. Changed - Updated translations.
1.9.1 not secure
Changed - 1.9.0 got pushed with incorrect changelog, no other changes.
Added - Support for Django 2.2. - Ability to create `PhoneDevice` from Django admin. - Support for Python 3.7.
1.8.0 not secure
Added - Support for Django 2.1. - Support for QRcode library up to 6. - Translation: Romanian. Changed - Replace `ValidationError` with `SuspiciousOperation` in views. - Change the wording in 2FA disable template. - Updated translations.
1.7.0 not secure
Added - Support for Django 2.0. Removed - Django <1.11 support. Changed - Do not list phone method if it is not supported (225). - Pass request kwarg to authentication form (227).
1.6.2 not secure
Fixed - Twilio client 6.0 usage (211). Changed - Updated translation: Russian.
1.6.1 not secure
Added - Support Twilio client 6.0 (203). Fixed - `redirect_to` after successful login (204) Changed - Updated translation: Norwegian Bokmål
1.6.0 not secure
Added - Support for Django 1.11 (188). Removed - Django 1.9 support. Fixed - Allow setting `LOGIN_REDIRECT_URL` to a URL (192). - `DisableView` should also take `success_url` parameter (187).
1.5.0 not secure
Added - Django 1.10’s MIDDLEWARE support. - Allow `success_url` overrides from `urls.py`. - Autofocus token input during authentication. - Translations: Polish, Italian, Hungarian, Finnish and Danish. Removed - Dropped Python 3.2 and 3.3 support. Changed - Renamed `redirect_url` properties to `success_url` to be consistent with Django. Fixed - Allow Firefox users to enter backup tokens (177). - Allow multiple requests for QR code (99). - Don't add phone number without gateway (92). - Redirect to 2FA profile page after removing a phone (159).