Subject: CVS commit: pkgsrc/www/py-flask-security
From: Adam Ciarcinski
Date: 2025-01-29 13:08:12
Message id: 20250129120812.D1BBCFBE0@cvs.NetBSD.org
Log Message:
py-flask-security: updated to 5.5.2
Version 5.5.2
-------------
Released August 5, 2024
More attempts to upload to pypi both flask-security and flask-security-too.
No code changes - however the build manifest changed so the source distribution
contents might be slightly different.
Docs and Chores
+++++++++++++++
- (:pr:`1019`) Separate publish workflows for each pypi package
Version 5.5.1
-------------
Released August 1, 2024
I am pleased to announce that Flask-Security-Too is now part of pallets-eco and has returned
to be released as 'Flask-Security'. For the foreseeable future, we will publish the same release to both
Flask-Security and Flask-Security-Too on PyPI.
There are no code changes.
Docs and Chores
+++++++++++++++
- (:pr:`1015`) Convert docs, links, badges, etc to pallets-eco
Version 5.5.0
-------------
Released July 24, 2024
Features & Improvements
+++++++++++++++++++++++
- (:issue:`956`) Add support for changing registered user's email (:py:data:`SECURITY_CHANGE_EMAIL`).
- (:issue:`944`) Change default password hash to argon2 (was bcrypt). See below for details.
- (:pr:`990`) Add freshness capability to auth tokens (enables /us-setup to function w/ just auth tokens).
- (:pr:`991`) Add support to /tf-setup to not require sessions (use a state token).
- (:issue:`994`) Add support for Flask-SQLAlchemy-Lite - including new all-inclusive models
  that conform to sqlalchemy latest best-practice (type-annotated).
- (:pr:`1007`) Convert other sqlalchemy-based datastores from legacy 'model.query' to best-practice 'select'
- (:issue:`983`) Allow applications more flexibility defining allowable redirects.
Fixes
+++++
- (:pr:`972`) Set :py:data:`SECURITY_CSRF_COOKIE` at beginning (GET /login) of authentication
  ritual - just as we return the CSRF token. (thanks @e-goto)
- (:issue:`973`) login and unified sign in should handle GET for authenticated user consistently.
- (:pr:`995`) Don't show sms options if not defined in US_ENABLED_METHODS. (fredipevcin)
- (:pr:`1009`) Change :py:data:`SECURITY_DEPRECATED_HASHING_SCHEMES` to ``["auto"]``.
Docs and Chores
+++++++++++++++
- (:pr:`979`) Update Russian translations (ademaro)
- (:pr:`1004`) Update ES and IT translations (gissimo)
- (:pr:`981` and :pr:`977`) Improve docs
- (:pr:`992`) The long deprecated `get_token_status` is no longer exported
- (:pr:`992`) Drop Python 3.8 support.
- (:issue:`1001`) Try a different approach to typing User and Role models.
Backwards Compatibility Concerns
+++++++++++++++++++++++++++++++++
- Notes around the change to argon2 as the default password hash:
    - applications should add the argon2_cffi package to their requirements (it is included in the flask_security[common] extras).
    - leave bcrypt installed so that old passwords still work.
    - the default configuration will re-hash passwords with argon2 upon first use.
- Changes to /tf-setup
    The old path - using state set in the session still works as before. The new path is
    just for the case an authenticated user wants to change their 2FA setup.
- Changes to sqlalchemy-based datastores
    Flask-Security no longer uses the legacy model.query - all DB access is done via
    `select(xx).where(xx)`. As a result the find_user() method now only takes a SINGLE
    column:value from its kwargs - in prior releases all kwargs were passed into the query.filter.
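The re-hash-on-first-use behaviour described in the argon2 notes above, as an added example that is not part of the commit message and is not Flask-Security's code. It uses standard-library stand-ins (assumption: PBKDF2 in the role of bcrypt, scrypt in the role of argon2); the storage format and all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Stand-in schemes (assumption): PBKDF2 plays the old default (bcrypt),
# scrypt plays the new default (argon2). Parameters are constructed.
SCHEMES = {
    "legacy": lambda pw, salt: hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000),
    "default": lambda pw, salt: hashlib.scrypt(pw, salt=salt, n=2**14, r=8, p=1),
}
DEFAULT = "default"


def hash_password(password, scheme=DEFAULT):
    """Return '$scheme$salt$digest' (hypothetical storage format)."""
    salt = os.urandom(16)
    digest = SCHEMES[scheme](password.encode(), salt)
    return f"${scheme}${salt.hex()}${digest.hex()}"


def verify_and_update(password, stored):
    """Return (ok, new_hash); new_hash is set only when a correct password
    was checked against a hash whose scheme is not the current default."""
    try:
        _, scheme, salt_hex, digest_hex = stored.split("$")
        kdf = SCHEMES[scheme]  # KeyError if that scheme is no longer available
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except (ValueError, KeyError):
        return False, None
    if not hmac.compare_digest(kdf(password.encode(), salt), expected):
        return False, None
    # "auto" deprecation: every scheme except the default triggers a re-hash.
    return True, (hash_password(password) if scheme != DEFAULT else None)


def login(db, user, password):
    """Verify against the stored hash and persist the upgraded hash."""
    ok, new_hash = verify_and_update(password, db.get(user, ""))
    if ok and new_hash:
        db[user] = new_hash
    return ok


if __name__ == "__main__":
    db = {"alice": hash_password("s3cret", scheme="legacy")}  # constructed
    print(login(db, "alice", "s3cret"), db["alice"].split("$")[1])
```

Removing the legacy entry from `SCHEMES` makes every not-yet-migrated hash unverifiable, which is why the old hashing package has to stay installed until all users have logged in once.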