Releases: pallets-eco/flask-security
4.1.0 Release
A feature release with (hopefully) no backwards compatibility issues.
See CHANGES for a complete list:
- Add typing
- Add first-class support for username
- Add a public API and CLI for changing a user's password.
4.0.1 Release
A very small release - mostly documentation fixes - thanks to all the early adopters!
4.0.0 Release
4.0.0, as a major release, is a non-backwards compatible release of Flask-Security. Please read the release/change notes carefully.
Fix CSRF Vulnerability
The /login and /change endpoints allowed a GET request to return the users authentication token. That's not good.
Now, as prior to 3.3.0, only successful POSTs can return the token.
Release 4.0.0rc1
4.0.0, as a major release, is a non-backwards compatible release of Flask-Security. Please read the release/change notes carefully.
Release 3.4.4
Fix 3 regressions and a couple other bugs.
Release 3.4.3
Fix a regression in two-factor.
Backport some documentation fixes.
3.4.2 - Move repo to github organization
The flask-security repo was moved to a github organization - Flask-Middleware.
3.4.1 Bug-Fix Release
See CHANGES for details.
Lots of small bug fixes in the new unified sign in feature.
Fixed a regression in the alternative ID feature.
WTForms 2.3.0 just came out - that required a small change.
3.4.0 Feature Release
3.4.0 introduces a few major features:
- pluggable password validation, including a built-in version that does complexity checking and pwned checking.
- a unified sign in mechanism allowing for much more flexible ways for applications to enable authentication - including different forms of identity, and different ways to generate and accept password/pass codes.
Please see the CHANGES document for details.