On 2/23/19 7:35 AM, Collin Anderson wrote:
I wouldn't mind just rolling back the security fix (or maybe making a
straightforward way to enable/disable the behavior). We could instead
encourage people to use on any links (from the
password rest page) to untrusted urls.
I don't think it would
I wouldn't mind just rolling back the security fix (or maybe making a
straightforward way to enable/disable the behavior). We could instead
encourage people to use on any links (from the
password rest page) to untrusted urls.
On Friday, February 22, 2019 at 5:03:01 AM UTC-5, Henrik Ossipoff Ha
Hi all.
Calendar Week 6 -- ending 10 February.
Triaged:
https://code.djangoproject.com/ticket/30154 -- i18n: redirects to default
login page if LOGIN_URL = 'login' not specified (Accepted)
https://code.djangoproject.com/ticket/30149 -- Empty value selected check
in Admin Filter prevents sub
Just wanted to chime in and say we also experienced this issue. We ended up
having to revert the security fix that was added to the view in Django just
to avoid the flood of customers reporting they couldn't reset their
passwords on our apps anymore - so I'm assuming this affects a lot of users