django-session-security/CHANGELOG at master · yourlabs/django-session-security · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
2.6.8 release

    Fix #46: handle sessions stored without microseconds (ValueError in get_last_activity)
    Fix #114: guard reverse('session_security_ping') with NoReverseMatch catch
    Fix #133: Django 5.x logout now uses POST form instead of GET redirect
    Fix #34: nextPing declared as let in script.js apply() to avoid implicit global
    Fix #148: Selenium 4.3+ compat — replace deprecated find_element_by_*() calls,
              drop unmaintained unittest-data-provider
    Fix doctest: catch KeyError in get_last_activity when session key is absent
    Fix redirect_to_logout template tag to read SESSION_SECURITY_REDIRECT_TO_LOGOUT
        dynamically at call time; add returnToUrl to the SessionSecurity JS constructor
        when the setting is enabled
    Drop dead Django <1.10 / <2.0 compatibility code in middleware.py; remove
        legacy test_project/, unused setup.py commands, duplicate dialog.html tag
    Add ruff linting and doctest job to CI
    Update docs: document all six user-facing settings in quick.rst (closes #95, #134),
        update supported Python/Django versions in README
    Update super() calls in tests to zero-argument form (PR #165)
    Remove six dependency from docs/source/conf.py (PR #159)
    Pin sqlparse>=0.5.0 and zipp>=3.19.1 in docs/requirements.txt (PR #160, #161)
    Update CI to Python 3.10-3.14, Django 4.2-6.0, ubuntu-latest, checkout@v4, setup-python@v5
    Update pyproject.toml classifiers to reflect supported Python/Django versions
    Add **/db.sqlite to .gitignore

2.6.7 release

2.6.7-pre0

	Moved CI from Travis-CI to GitHub Actions
	Django 4.0 support

2.6.6 Django 3.0 support

And test fix, by @jsm222, big thanks !!

2.6.1 #113: Check if session expired on activity by @rbntimes

2.6.0 Release

2.6.0-rc1

    #103: Django 2.0 urlresolvers import fix by @Ruffle0
    #98: Call is_authenticated property instead of function for Django 2.0 by @tpeaton
    #105: Ensure setTimeout() millisecond parameter doesn't exceed max value by @abottc
    Polish translation update by @mpasternak

2.5.1

   - #90: add SESSION_SECURITY_PASSIVE_URL_NAMES setting

2.5.0

    - #79 remove compiled binary from source to comply with Debian source code
      repository policy by @nirgal
    - #81 support django 1.10 by @eriktelepovsky
    - #84 a11y support to modal dialog by @lynnco
    - #85 support for mobile device activity by @kalekseev
    - #88 dutch translation update by @rdekker1
    - #91 test django 1.11 and 2.0 instead of 1.7 by @jpic

2.4.0

    - #75 Fix vulnerability when SESSION_EXPIRE_AT_BROWSER_CLOSE is off
    - #77 Crash if SESSION_EXPIRE_AT_BROWSER_CLOSE is off
    - #78 Update test matrix to have Django 1.10 + master instead of just
      master
    - #74 Created security mailing list

    Thanks @ClaytonDelay for contacting about the issue.
    Note that if you don't have SESSION_EXPIRE_AT_BROWSER_CLOSE=True in your
    settings, then the project won't start unless you set
    SESSION_SECURITY_INSECURE=True, which you shouldn't.

2.3.3 #69: Encode response to JSON by Tatsh

2.3.2

    - #58: Allow for custom expiration based on request (#65) by @mjschultz

2.3.1

    - #57: added redirectTo parameter to the script by Andrei Coman
    - test stabilization with django-sbo-selenium
    - Django 1.10 support

2.3.0 Deprecate support for Django < 1.6

2.2.5 #56: Dj19 support by @eriktelepovsky

2.2.4 #43: Throttle lastActivity updates to once per second by @cuu508

2.2.3 #31: Removed a .mo file

2.2.2

    - #21: Polish translation
    - #23: French translation fix
    - #26: Fix an edge bug discovered in multithreaded environments
    - #30: Use reverse_lazy in settings.py
    - Added to AUTHORS: @mschettler, @mattbo, @nirgal, @mpasternak

2.2.1: #24: Center the modal on the viewport

2.2.0: Pre-build .mo.

2.1.7 #19: Use consistent formatting for the datetime. Fixes random failures in
      test suites. By Scott Sexton.

2.1.6 #18: Spanish translation

2.1.5 #17: Fix l10n error with long numbers @jacoor

2.1.4 #13: Fix clock sync problems by @krillr

2.1.3 Added Brazilian Portuguese Translation

2.1.2 Use {% static %} instead of {{ STATIC_URL }} in all.html

2.1.1

    - Fixed AUTHORS,
    - Added utils to full documentation.
    - Promoted to Production/Stable.

2.1.0

    - Django 1.5 and 1.6 support.
    - Fix #6: Internet Explorer 8 support.
    - Python 3.3 support.
    - Minor BC break: we can't set datetime objects directly in the session
      since django 1.6. Instead, we go through session_security.utils functions
      get_last_activity() and set_last_activity(). If you were touching
      session['_session_security'] directly, you should update your code to use
      those functions.

2.0.6 Fix #5: Make the list of event types to monitor an option.

2.0.5 Removed more debug statements.

2.0.4 Fix #4: Removed debug statement.

2.0.3 Unset data-dirty on form submit, to prevent onbeforeunload.

2.0.2 Added confirmFormDiscard and onbeforeunload handler.

2.0.1 Traded POST ping request for a GET ping request, removed CSRF code.

2.0.0 Rewrite with unit tests.