mirror of
https://github.com/fastapi-users/fastapi-users.git
synced 2026-03-13 07:49:55 +08:00
Bump version 15.0.1 → 15.0.2
🛡️ Security Fix ---------------- A CSRF vulnerability was identified in the OAuth2 flow. To mitigate this, the authorize endpoint will set a cookie in the response, and this cookie will be expected in the callback request. In most cases, this change should work out-of-the-box, but in certain scenarios (e.g. cross-domain setups), additional configuration may be required for the cookie to be correctly sent and received. [[Read more](https://fastapi-users.github.io/fastapi-users/dev/configuration/oauth/#csrf-cookie-configuration)] **Thanks to @davidbors-snyk from [Snyk](https://github.com/snyk) for his research, responisble disclosure, and assistance in fixing this issue.** Improvements ------------ * Bump dependencies * `python-multipart ==0.0.21` * `pwdlib[argon2,bcrypt] ==0.3.0`
This commit is contained in:
François Voron
@@ -1,6 +1,6 @@
|
||||
"""Ready-to-use and customizable users management for FastAPI."""
|
||||
|
||||
__version__ = "15.0.1"
|
||||
__version__ = "15.0.2"
|
||||
|
||||
from fastapi_users import models, schemas # noqa: F401
|
||||
from fastapi_users.exceptions import InvalidID, InvalidPasswordException
|
||||
|
||||
Reference in New Issue
Block a user