Bump version 15.0.4 → 15.0.5

• Bump dependencies:
  • pyjwt[crypto] >=2.12.0,<3.0.0

Bump version 15.0.3 → 15.0.4

• Bump dependencies:
  • pyjwt[crypto] >=2.11.0,<3.0.0
  • python-multipart >=0.0.22,<0.1.0"

Bump version 15.0.2 → 15.0.3

Bug fixes and improvements

• Add cookie parameters added in 15.0.1 to FastAPIUsers.get_oauth_router and FastAPIUsers.get_oauth_associate_router. Thanks @jthurner 🎉

Bump version 15.0.1 → 15.0.2

🛡️ Security Fix

A CSRF vulnerability was identified in the OAuth2 flow. To mitigate this, the authorize endpoint will set a cookie in the response, and this cookie will be expected in the callback request.

In most cases, this change should work out-of-the-box, but in certain scenarios (e.g. cross-domain setups), additional configuration may be required for the cookie to be correctly sent and received. [Read more]

Thanks to @davidbors-snyk from Snyk for his research, responisble disclosure, and assistance in fixing this issue.

Improvements

• Bump dependencies
  • python-multipart ==0.0.21
  • pwdlib[argon2,bcrypt] ==0.3.0

Bump version 15.0.0 → 15.0.1

Announcement

FastAPI Users is now in maintenance mode.** While we'll continue to provide security updates and dependency maintenance, no new features will be added. We encourage you to explore the project and use it as-is, knowing it will remain stable and secure.

[Read more]

Bug fixes

• Handle expired JWT when handling OAuth callback (#1462). Thanks @mdaffad 🎉

Bump version 14.0.2 → 15.0.0

Announcement

FastAPI Users is now in maintenance mode.** While we'll continue to provide security updates and dependency maintenance, no new features will be added. We encourage you to explore the project and use it as-is, knowing it will remain stable and secure.

[Read more]

Breaking changes

• Drop Python 3.9 support.
• Drop Pydantic v1 support.

If you still need them, you can install v14.0.2, which was updated at the same time as this release.

Bump version 14.0.1 → 14.0.2

Announcements

• This is the last release to support Python 3.9 and Pydantic v1.
• FastAPI Users is now in maintenance mode.** While we'll continue to provide security updates and dependency maintenance, no new features will be added. We encourage you to explore the project and use it as-is, knowing it will remain stable and secure. [Read more]

Bug fixes and improvements

• Bump dependencies:
  • email-validator >=1.1.0,<2.4
  • redis >=4.3.3,<8.0.0

Bump version 14.0.0 → 14.0.1

Improvements

• Bump dependencies
  • pyjwt[crypto] ==2.10.1
  • python-multipart ==0.0.20

Bump version 13.0.0 → 14.0.0

Breaking changes

• Drop Python 3.8 support

Improvements

• Bump dependencies:
  • python-multipart ==0.0.17
  • pwdlib[argon2,bcrypt] ==0.2.1
  • pyjwt[crypto] ==2.9.0

Bump version 12.1.3 → 13.0.0

Breaking change

The underlying password hashing library has been changed from passlib to pwdlib. This change is breaking only if you were using a custom CryptContext. Otherwise, you can upgrade without any changes.

Improvements

• Python 3.12 support
• Password are now hashed using the Argon2 algorithm by default. Passwords created with the previous default algorithm (bcrypt) will still be verified correctly and upgraded to Argon2 when the user logs in.
• Bump dependencies
  • python-multipart ==0.0.9