forked from yourlabs/django-session-security
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
122 lines (78 loc) · 3.47 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
2.6.7-pre0
Moved CI from Travis-CI to GitHub Actions
Django 4.0 support
2.6.6 Django 3.0 support
And test fix, by @jsm222, big thanks !!
2.6.1 #113: Check if session expired on activity by @rbntimes
2.6.0 Release
2.6.0-rc1
#103: Django 2.0 urlresolvers import fix by @Ruffle0
#98: Call is_authenticated property instead of function for Django 2.0 by @tpeaton
#105: Ensure setTimeout() millisecond parameter doesn't exceed max value by @abottc
Polish translation update by @mpasternak
2.5.1
- #90: add SESSION_SECURITY_PASSIVE_URL_NAMES setting
2.5.0
- #79 remove compiled binary from source to comply with Debian source code
repository policy by @nirgal
- #81 support django 1.10 by @eriktelepovsky
- #84 a11y support to modal dialog by @lynnco
- #85 support for mobile device activity by @kalekseev
- #88 dutch translation update by @rdekker1
- #91 test django 1.11 and 2.0 instead of 1.7 by @jpic
2.4.0
- #75 Fix vulnerability when SESSION_EXPIRE_AT_BROWSER_CLOSE is off
- #77 Crash if SESSION_EXPIRE_AT_BROWSER_CLOSE is off
- #78 Update test matrix to have Django 1.10 + master instead of just
master
- #74 Created security mailing list
Thanks @ClaytonDelay for contacting about the issue.
Note that if you don't have SESSION_EXPIRE_AT_BROWSER_CLOSE=True in your
settings, then the project won't start unless you set
SESSION_SECURITY_INSECURE=True, which you shouldn't.
2.3.3 #69: Encode response to JSON by Tatsh
2.3.2
- #58: Allow for custom expiration based on request (#65) by @mjschultz
2.3.1
- #57: added redirectTo parameter to the script by Andrei Coman
- test stabilization with django-sbo-selenium
- Django 1.10 support
2.3.0 Deprecate support for Django < 1.6
2.2.5 #56: Dj19 support by @eriktelepovsky
2.2.4 #43: Throttle lastActivity updates to once per second by @cuu508
2.2.3 #31: Removed a .mo file
2.2.2
- #21: Polish translation
- #23: French translation fix
- #26: Fix an edge bug discovered in multithreaded environments
- #30: Use reverse_lazy in settings.py
- Added to AUTHORS: @mschettler, @mattbo, @nirgal, @mpasternak
2.2.1: #24: Center the modal on the viewport
2.2.0: Pre-build .mo.
2.1.7 #19: Use consistent formatting for the datetime. Fixes random failures in
test suites. By Scott Sexton.
2.1.6 #18: Spanish translation
2.1.5 #17: Fix l10n error with long numbers @jacoor
2.1.4 #13: Fix clock sync problems by @krillr
2.1.3 Added Brazilian Portuguese Translation
2.1.2 Use {% static %} instead of {{ STATIC_URL }} in all.html
2.1.1
- Fixed AUTHORS,
- Added utils to full documentation.
- Promoted to Production/Stable.
2.1.0
- Django 1.5 and 1.6 support.
- Fix #6: Internet Explorer 8 support.
- Python 3.3 support.
- Minor BC break: we can't set datetime objects directly in the session
since django 1.6. Instead, we go through session_security.utils functions
get_last_activity() and set_last_activity(). If you were touching
session['_session_security'] directly, you should update your code to use
those functions.
2.0.6 Fix #5: Make the list of event types to monitor an option.
2.0.5 Removed more debug statements.
2.0.4 Fix #4: Removed debug statement.
2.0.3 Unset data-dirty on form submit, to prevent onbeforeunload.
2.0.2 Added confirmFormDiscard and onbeforeunload handler.
2.0.1 Traded POST ping request for a GET ping request, removed CSRF code.
2.0.0 Rewrite with unit tests.