Release 5.1.3.

Author: ubernostrum

docs/changelog.rst

@@ -64,6 +64,18 @@ The API stability/deprecation policy for ``pwned-passwords-django`` is as follow
 Releases under DjangoVer
 ------------------------
 
+Version 5.1.3
+~~~~~~~~~~~~~
+
+Released March 2025
+
+* Ensured multi-value POST payloads are correctly checked by the middleware. This is
+  likely an edge case since even when multiple submissions of a password are desired
+  they are typically differently-named fields in the payload (i.e., a "password" and
+  "confirm password" field in a signup or password change form), but for completeness'
+  sake they should still be handled correctly.
+
+
 Version 5.1.2
 ~~~~~~~~~~~~~
 
@@ -73,6 +85,7 @@ Released March 2025
   pass the wrong value to the fallback validator
   <https://github.com/ubernostrum/pwned-passwords-django/pull/43>`_.
 
+
 Version 5.1.1
 ~~~~~~~~~~~~~
 

docs/spelling_wordlist.txt

@@ -23,5 +23,6 @@ pwned
 Quickstart
 regex
 serializable
+signup
 validator
 validators

pyproject.toml

@@ -35,7 +35,7 @@ keywords = ["django", "security", "passwords", "auth", "authentication"]
 license = {text = "BSD-3-Clause"}
 readme = "README.rst"
 requires-python = ">=3.9"
-version = "5.1.2"
+version = "5.1.3"
 
 [dependency-groups]
 tests = ["nox"]

tests/test_middleware.py

@@ -307,8 +307,8 @@ def test_multiple_values_bad_password(self):
                         get_random_string(length=20),
                         # Django's QueryDict.__getitem__() returns the last value for a
                         # multi-valued key, so to properly test checking of multi-value
-                        # submissions the bad value needs to occur before the last
-                        # position.
+                        # submissions, the bad value has to occur somewhere other than
+                        # the last position.
                         "password",
                         get_random_string(length=10),
                     ]