Pwned-passwords-django

~~~~~~~~~~~~~

Released March 2025

* Ensured multi-value POST payloads are correctly checked by the middleware. This is
likely an edge case since even when multiple submissions of a password are desired
they are typically differently-named fields in the payload (i.e., a "password" and
"confirm password" field in a signup or password change form), but for completeness'
sake they should still be handled correctly.

~~~~~~~~~~~~~

Released March 2025

* Fixed a bug where the fallback to Django's common-password validator `would
pass the wrong value to the fallback validator
<https://github.com/ubernostrum/pwned-passwords-django/pull/43>`_.

~~~~~~~~~~~~~

Released November 2024

* Supported Python versions are now 3.9, 3.10, 3.11, 3.12, and 3.13.

~~~~~~~~~~~~~

Released August 2024

* Supported Django versions are now 4.2, 5.0, and 5.1.

Django 5.0 (after 5.0.0 and 5.0.1). Since the Django project at the time was
supporting Django 5.0 and 4.2, that version of ``pwned-passwords-django`` would
also support Django 5.0 and 4.2.


API stability and deprecations
------------------------------

The API stability/deprecation policy for ``pwned-passwords-django`` is as follows:

* The supported stable public API is the set of symbols which are documented in
this documentation. For classes, the supported stable public API is the set
of methods and attributes of those classes whose names do not begin with one
or more underscore (``_``) characters and which are documented in this
documentation.

* When a public API is to be removed, or undergo a backwards-incompatible
change, it will emit a deprecation warning which serves as notice of the
intended removal or change. This warning will be emitted for at least two
releases, after which the removal or change may occur without further
warning. This is different from Django's own deprecation policy, which avoids
completing a removal/change in "LTS"-designated releases. Since
``pwned-passwords-django`` does not have "LTS" releases, it does not need
that exception.

* Security fixes, and fixes for high-severity bugs (such as those which might
cause unrecoverable crash or data loss), are not required to emit deprecation
warnings, and may -- if needed -- impose backwards-incompatible change in any
release. If this occurs, this changelog document will contain a note
explaining why the usual deprecation process could not be followed for that
case.

* This policy is in effect as of the adoption of "DjangoVer" versioning, with
version 5.0.0 of ``pwned-passwords-django``.


Releases under DjangoVer
------------------------

~~~~~~~~~~~~~

Released May 2024

* Adopted "DjangoVer" versioning.

* Supported Django versions are now 4.2 and 5.0.

* Expanded/reorganized documentation.


Releases not under DjangoVer
----------------------------