Hi,

It looks to me like this has introduced a slight behaviour difference with 1.11 on Python 2.7 than on 3.x:
https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2#diff-e840e362abe9e625eee52d91897400bdR36

The release notes don't indicate what the difference in behaviour is between Python 2 and 3. I'm trying to follow the change and test cases, but it looks like if you have two users '[email protected]' and 'mı[email protected]' (which is highly unlikely anyway to happen legitimately), neither can reset their password anymore on py2? See:
https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2#diff-d4ef44f66fdc7127c6178eee0fdcaf57R697

I'm guessing this was found after the similar GitHub vulnerability was found?

Thanks for the hard work!

On Wednesday, December 18, 2019 at 9:23:35 AM UTC, Mariusz Felisiak wrote:
>
> Details are available on the Django project weblog:
>
> https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
>
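The two-address collision asked about above, as an added example that is not part of the original message and is not Django's code. It assumes the case-insensitive lookup upper-cases both sides; the addresses are constructed, and the function names are hypothetical.

```python
import unicodedata
from collections import defaultdict

# Constructed sample data: U+0131 is LATIN SMALL LETTER DOTLESS I.
USERS = ["mike@example.org", "m\u0131ke@example.org",
         "Alice@example.org", "alice@example.org"]


def loose_key(email):
    # Assumption: models a case-insensitive lookup that upper-cases both sides.
    # Under Unicode rules the dotless i upper-cases to a plain ASCII "I".
    return email.upper()


def strict_equal(a, b):
    # Compare after NFKC normalization and case folding, so only addresses
    # that are the same apart from ordinary letter case are treated as equal.
    fold = lambda s: unicodedata.normalize("NFKC", s).casefold()
    return fold(a) == fold(b)


def colliding_groups(emails):
    """Audit helper: groups the loose lookup merges but strict_equal keeps apart."""
    groups = defaultdict(set)
    for email in emails:
        groups[loose_key(email)].add(email)
    found = []
    for members in groups.values():
        ordered = sorted(members)
        if any(not strict_equal(ordered[0], m) for m in ordered[1:]):
            found.append(ordered)
    return sorted(found)


def reset_recipients(submitted, stored_emails):
    """Stored addresses that pass both the loose lookup and the strict check."""
    loose = [e for e in stored_emails if loose_key(e) == loose_key(submitted)]
    return [e for e in loose if strict_equal(e, submitted)]


if __name__ == "__main__":
    print(colliding_groups(USERS))
    print(reset_recipients("m\u0131ke@example.org", USERS))
```

Running `colliding_groups` over an existing user table shows whether any such pair is already registered.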
