Workflow

Pwned-passwords-django

Latest version: v5.1.0

Safety actively analyzes 666166 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 3

1.2.1

~~~~~~~~~~~~~

Released June 2018

* Released to correct the date of the 1.2 release listed in this changelog
document.

1.2

~~~~~~~~~~~

Released June 2018

* Password-validator error messages are now :ref:`customizable
<validator-messages>`.

* The request-timeout value for contacting the Pwned Passwords API defaults to
one second, and is customizable via the setting
:data:`~django.conf.settings.PWNED_PASSWORDS_API_TIMEOUT`.

* When a request to the Pwned Passwords API times out, or encounters an error,
it logs the problem with a message of level :data:`logging.WARNING`. The
:class:`~pwned_passwords_django.validators.PwnedPasswordsValidator` will fall
back to
:class:`~django.contrib.auth.password_validation.CommonPasswordValidator`,
which has a smaller list of common passwords. The
:class:`~pwned_passwords_django.middleware.PwnedPasswordsMiddleware` does not
have a fallback behavior; :func:`~pwned_passwords_django.api.pwned_password`
will return :data:`None` to indicate the error case.

* :func:`~pwned_passwords_django.api.pwned_password` will now raise
:exc:`TypeError` if its argument is not a Unicode string (the type
:class:`unicode` on Python 2, :class:`str` on Python 3). This is debatably
backwards-incompatible; :func:`~pwned_passwords_django.api.pwned_password`
encodes its argument to UTF-8 bytes, which will raise :exc:`AttributeError`
if attempted on a :class:`bytes` object in Python 3. As a result, all
supported environments other than Python 2.7/Django 1.11 would already raise
:exc:`AttributeError` (due to :class:`bytes` objects lacking the
:meth:`~str.encode` method) in both 1.0 and 1.1. Enforcing the
:exc:`TypeError` on all supported environments ensures users of
``pwned-passwords-django`` do not write code that accidentally works in one
and only one environment, and supplies a more accurate and comprehensible
exception than the :exc:`AttributeError` which would have been raised in
previous versions.

* The default error and help messages of
:class:`~pwned_passwords_django.validators.PwnedPasswordsValidator` now match
the messages of Django's
:class:`~django.contrib.auth.password_validation.CommonPasswordValidator`. Since
:class:`~pwned_passwords_django.validators.PwnedPasswordsValidator` falls
back to
:class:`~django.contrib.auth.password_validation.CommonPasswordValidator`
when the Pwned Passwords API is unresponsive, this provides consistency of
messages, and also ensures the messages are translated (Django provides
translations for its built-in messages).

1.1

~~~~~~~~~~~

Released March 2018

* Fixed case sensitivity issue. The Pwned Passwords API always uses uppercase
hexadecimal digits for password hashes; ``pwned-passwords-django`` was using
lowercase. Fixed by switching ``pwned-passwords-django`` to use uppercase.

1.0

~~~~~~~~~~~

Released March 2018

* Initial public release.

Page 3 of 3

Links

Releases

Has known vulnerabilities

Previous

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.