Описание
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| django-allauth | fixed | 65.15.0-1 | package | |
| django-allauth | no-dsa | trixie | package | |
| django-allauth | no-dsa | bookworm | package | |
| django-allauth | postponed | bullseye | package |
Примечания
https://allauth.org/news/2025/10/django-allauth-65.13.0-released/
Связанные уязвимости
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected.
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected.
django-allauth does not reject access tokens for inactive users