- Update to 5.3.0:
* Improvements to recoverability and confirmation to align with
OWASP best practices and reduce possible exploitation.
* Webauthn Updates to handling of transport.
* Fix MongoDB support by eliminating dependency on flask-mongoengine. Improve MongoDB quickstart.
* Fix Quickstart for SQLAlchemy with scoped session.
* Login no longer, by default, checks for email deliverability.
* Token authentication is no longer accepted on endpoints which only allow 'session' as authentication-method. (N247S)
* /reset and /confirm and GENERIC_RESPONSES and additional form args don't mix.
* Reset password can be exploited and other OWASP improvements.
* Confirmation can be exploited and other OWASP improvements.
* Convert to pyproject.toml, build, remove setup.py/.cfg.
* the tf_validity feature now ONLY sets a cookie - and the token is no longer returned as part of a JSON response.
* Fix login/unified signin templates to properly send CSRF token. Add more tests.
* Improve Social Oauth example code.
- 5.2.0:
* Small updates to work with latest Flask/Werkzeug.
* Drop support for Python 3.7
* Drop support for older versions of dependent packages (such as Flask).
* Remove old Werkzeug compatibility check.
* Compatibility with Quart.
* Remove dependence on pkg_resources / setuptools (use importlib_resources package)
* Fix tests to work with latest Werkzeug/Flask. Update requirements_low to match current releases.
* Drop support for Python 3.7
- 5.1.2:
* Hungarian translations not working.
* Fix documentation for send_mail. (gg)
* Fix for latest mongoengine and mongomock.
* Fix inappropriate use of &thinsp& in French translations. (maxdup)
* Improve documentation around subclassing forms.