- Update to 5.3.0:
  * Improvements to recoverability and confirmation to align with
    OWASP best practices and reduce possible exploitation.
  * Webauthn Updates to handling of transport.
  * Fix MongoDB support by eliminating dependency on flask-mongoengine. Improve MongoDB quickstart.
  * Fix Quickstart for SQLAlchemy with scoped session.
  * Login no longer, by default, checks for email deliverability.
  * Token authentication is no longer accepted on endpoints which only allow 'session' as authentication-method. (N247S)
  * /reset and /confirm and GENERIC_RESPONSES and additional form args don't mix.
  * Reset password can be exploited and other OWASP improvements.
  * Confirmation can be exploited and other OWASP improvements.
  * Convert to pyproject.toml, build, remove setup.py/.cfg.
  * the tf_validity feature now ONLY sets a cookie - and the token is no longer returned as part of a JSON response.
  * Fix login/unified signin templates to properly send CSRF token. Add more tests.
  * Improve Social Oauth example code.
- 5.2.0:
  * Small updates to work with latest Flask/Werkzeug.
  * Drop support for Python 3.7
  * Drop support for older versions of dependent packages (such as Flask).
  * Remove old Werkzeug compatibility check.
  * Compatibility with Quart.
  * Remove dependence on pkg_resources / setuptools (use importlib_resources package)
  * Fix tests to work with latest Werkzeug/Flask. Update requirements_low to match current releases.
  * Drop support for Python 3.7
- 5.1.2:
  * Hungarian translations not working.
  * Fix documentation for send_mail. (gg)
  * Fix for latest mongoengine and mongomock.
  * Fix inappropriate use of &thinsp& in French translations. (maxdup)
  * Improve documentation around subclassing forms.

• Files Changed
• Browse Source