flask-security (4.0.0-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Possible open redirect vulnerability
    - debian/patches/CVE-2021-23385.patch: Updated
      flask_security/core.py, flask_security/utils.py and tests/test_misc.py
      to prevent possible URL validation bypass and user redirection to an
      arbitrary URL by providing multiple back slashes such as
      \\\evil.com/path.
    - CVE-2021-23385 

 -- Chrisa Oikonomou <chrisa.oikonomou@canonical.com>  Tue, 21 May 2024 17:43:56 +0300

flask-security (4.0.0-1) unstable; urgency=medium

  * Team upload.

  [ Debian Janitor ]
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.

  [ Ondřej Nový ]
  * d/control: Update Maintainer field with new Debian Python Team
    contact address.
  * d/control: Update Vcs-* fields with new Debian Python Team Salsa
    layout.

  [ Christoph Berg ]
  * New upstream version 4.0.0.
    + Fixes /login and /change vulnerability. (Closes: 980189, CVE-2021-21241)

 -- Christoph Berg <myon@debian.org>  Mon, 01 Feb 2021 15:42:21 +0100

flask-security (3.4.2-2) unstable; urgency=medium

  * Team upload.
  * Remove Depends on python-setuptools (Closes: #943002)

 -- Scott Talbert <swt@techie.net>  Mon, 06 Jul 2020 14:05:29 -0400

flask-security (3.4.2-1) unstable; urgency=medium

  * Team upload.

  [ Ondřej Nový ]
  * d/control: Set Vcs-* to salsa.debian.org
  * d/control: Add Vcs-* field
  * d/watch: Use https protocol
  * Use debhelper-compat instead of debian/compat.

  [ Christoph Berg ]
  * Switch upstream to Flask-Security-Too.
  * New ustream version 3.4.2.
  * Use DH 13.
  * Add debian/gitlab-ci.yml.
  * Add twine and wheel to Build-Depends, setup.py wants them.
  * Add python3-flask-babelex to Build-Depends.
  * Add python3-speaklater to Depends.
  * Ignore changes in egg-info files when building source package.
  * Remove Flask version annotation so we can be installed on stretch and
    xenial/bionic.

 -- Christoph Berg <myon@debian.org>  Tue, 12 May 2020 18:57:33 +0200

flask-security (1.7.5-2) unstable; urgency=medium

  * Team upload.
  * Put debian/* under MIT.
  * Disable mongodb build dependencies, needed for tests not yet executed.

 -- Christoph Berg <christoph.berg@credativ.de>  Wed, 24 Jan 2018 11:38:20 +0100

flask-security (1.7.5-1) unstable; urgency=low

  * Team upload.

  [ Adrian Vondendriesch ]
  * Initial package version.

  [ Christoph Berg ]
  * Package intentionally not updated to version 3.0.0 yet as the new
    flask-babelex dependency is still under discussion.
    https://github.com/mattupstate/flask-security/issues/715
  * Remove .DS_Store files.

 -- Christoph Berg <christoph.berg@credativ.de>  Tue, 02 Jan 2018 14:06:47 +0100
