Releases: indico/flask-multipass
Releases · indico/flask-multipass
v0.6
- Drop support for Python 3.8 (3.8 is EOL since Oct 2024)
- Remove upper version pins of dependencies
- Support friendly names for SAML assertions (set
'saml_friendly_names': True
in the auth provider settings) - Include more verbose authentication data in
IdentityRetrievalFailed
exception details
v0.5.6
- Reject invalid
next
URLs with backslashes that could be used to trick browsers into redirecting to an otherwise disallowed host when doing client-side redirects
v0.5.5
- Ensure only valid schemas (http and https) can be used when validating the
next
URL - Deprecate the
flask_multipass.__version__
attribute
v0.5.4
- Skip LDAP users that do not have the specified
uid
attribute set instead of failing with an error
v0.5.3
- Skip LDAP group members that do not have the specified
uid
attribute set instead of failing with an error
v0.5.2
- Add
ldap_or_authinfo
identity provider which behaves exactly like theldap
provider, but if the user cannot be found in LDAP, it falls back to the data from the auth provider (typically Shibboleth)
v0.5.1
- Fix compatibility with Python 3.8 and 3.9
v0.5
- Drop support for Python 3.7 and older (3.7 is EOL since June 2023)
- Declare explicit compatibility with Python 3.11
- Support werkzeug 3.0
- Fail more gracefully if Authlib (OIDC) login provider is down