mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-09-26 12:09:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS.

Browse source
This commit is contained in:
Nick Zaccardi 2017-05-27 16:27:13 -04:00 committed by Tim Graham
parent 8c45b5b903
commit 95993a89ce
3 changed files with 11 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/releases/2.0.txt
View file

@ -355,6 +355,12 @@ Miscellaneous
connection, those queries could be included as part of the
``assertNumQueries()`` count.
* The ``PASSWORD_RESET_TIMEOUT_DAYS`` setting is more properly respected in
``contrib.auth`` password reset. Previously, resets were allowed for one day
longer than expected. For example, with the default of
``PASSWORD_RESET_TIMEOUT_DAYS = 3``, password reset tokens are now valid for
72 hours rather than 96 hours.
.. _deprecated-features-2.0:
Features deprecated in 2.0