------------------
- Security fix: store the camefrom URL in a session variable instead of exposing
it in the login form. The camefrom URL is built on the server side from local
information and only ever contains internal traversal names, so there is no
reason to hand it to the client. Exposing it as a query parameter in the login
URL only gives others a point of attack, because an unfriendly domain could
link to the login form with a custom camefrom URL of its own. Keeping it in the
session is the safer choice, and it fits the change in zope.publisher's
redirect method: since zope.publisher 3.9.3, redirect only follows URLs on the
same domain by default, so such a third-party domain URL would not be
redirected to anyway.
Remove all camefrom widgets and query parameters from your custom forms if you
use any. If you need the value, set and get the camefrom session variable in
your custom forms instead.
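The two halves of this entry, a login view that reads camefrom from the session rather than from the form, and a redirect that refuses targets on another domain, as an added example. This is illustrative code written for this note, not code from this package or from zope.publisher; it assumes a dict-like session, a minimal stand-in request object, and the hypothetical helper names used below.

```python
"""Added example: keep the camefrom URL in the session and only redirect
within the site's own domain.  Not code from this package or zope.publisher;
the session, request object and helper names are assumptions for this note."""
from urllib.parse import urljoin, urlsplit

SESSION_KEY = "camefrom"  # hypothetical session key name


class Request:
    """Minimal stand-in for a Zope request (constructed for this example)."""

    def __init__(self, url, form=None, session=None):
        self.url = url                      # URL the user is currently on
        self.form = form or {}              # submitted/query parameters
        self.session = {} if session is None else session


def old_login_redirect(request):
    """'Before' behaviour: trust the camefrom query parameter from the client.

    Anyone who can make a user follow a link to the login form controls
    where that user ends up after logging in."""
    return request.form.get("camefrom") or request.url


def resolve_same_domain(camefrom, site_url):
    """Resolve ``camefrom`` against ``site_url`` and return the absolute URL,
    or None when the result lands on another scheme or host.

    Re-implements the idea of zope.publisher 3.9.3's same-domain default for
    this example; it is not the library's own check.  Resolving first means
    tricks such as '//evil.example/x' or 'https://site@evil.example/' end up
    with a foreign netloc and are rejected."""
    resolved = urljoin(site_url, camefrom)
    target, site = urlsplit(resolved), urlsplit(site_url)
    if target.scheme != site.scheme or target.netloc.lower() != site.netloc.lower():
        return None
    return resolved


def remember_camefrom(request):
    """Server-side step that sends an unauthenticated user to the login form:
    record the page they came from in the session, never in the form."""
    request.session[SESSION_KEY] = request.url


def login_redirect_target(request, site_url):
    """'After' behaviour: ignore any camefrom in the form, read it from the
    session, and fall back to the site root unless it stays on our domain."""
    camefrom = request.session.pop(SESSION_KEY, None)
    if camefrom is None:
        return site_url
    return resolve_same_domain(camefrom, site_url) or site_url


if __name__ == "__main__":
    site = "https://app.example/"
    # Constructed hostile link: login form with an attacker-chosen camefrom.
    hostile = Request("https://app.example/login",
                      form={"camefrom": "https://evil.example/phish"})
    print("old:", old_login_redirect(hostile))          # leaves the site
    print("new:", login_redirect_target(hostile, site))  # stays on the site
```

The session-based flow is what the entry asks custom forms to adopt: call the equivalent of `remember_camefrom` where your code decides to show the login form, and read the value back through the session in the form's success handler. The domain check is an extra layer; even if a session value were ever tampered with, the redirect still stays on the site.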