0.47.0 (2021-12-09)
*******************

Note worthy changes
-------------------

- New providers: Gumroad.


Backwards incompatible changes
------------------------------

- Added a new setting ``SOCIALACCOUNT_LOGIN_ON_GET`` that controls whether or not
  the endpoints for initiating a social login (for example,
  "/accounts/google/login/") require a POST request to initiate the
  handshake. As requiring a POST is more secure, the default of this new setting
  is ``False``.


Security notice
---------------

Automatically signing in users into their account and connecting additional
third party accounts via a simple redirect ("/accounts/facebook/login/") can
lead to unexpected results and become a security issue especially when the
redirect is triggered from a malicious web site. For example, if an attacker
prepares a malicious website that (ab)uses the Facebook password recovery
mechanism to first sign into his/her own Facebook account, followed by a
redirect to connect a new social account, you may end up with the attacker's
Facebook account added to the account of the victim. To mitigate this,
``SOCIALACCOUNT_LOGIN_ON_GET`` is introduced.


0.46.0 (2021-11-15)
*******************

Note worthy changes
-------------------

- New providers: Gitea, MediaWiki.

- New translations: Georgian, Mongolian.

- Django 3.2 compatibility.


0.45.0 (2021-07-11)
*******************


Note worthy changes
-------------------

- New providers: Feishu, NetIQ, Frontier, CILogin.
