Fixes the following security vulnerability:
- CVE-2019-19844: Potential account hijack via password reset form
By submitting a suitably crafted email address making use of Unicode
characters, that compared equal to an existing user email when lower-cased
for comparison, an attacker could be sent a password reset token for the
matched account
In addition, a number of bugs have been fixed. For details, see the release
notes:
https://docs.djangoproject.com/en/dev/releases/3.0.1/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
0ea753f8d3