Release plain-oauth 0.25.0

davegaeddert · davegaeddert · commit e31fae05b92d · 2025-08-19T10:12:12.000-05:00
diff --git a/plain-oauth/plain/oauth/CHANGELOG.md b/plain-oauth/plain/oauth/CHANGELOG.md
@@ -1,5 +1,15 @@
 # plain-oauth changelog
 
+## [0.25.0](https://github.com/dropseed/plain/releases/plain-oauth@0.25.0) (2025-08-19)
+
+### What's changed
+
+- Removed requirement for manual `{{ csrf_input }}` in OAuth forms - CSRF protection now uses `Sec-Fetch-Site` headers automatically ([9551508](https://github.com/dropseed/plain/commit/955150800c))
+
+### Upgrade instructions
+
+- Remove `{{ csrf_input }}` from any OAuth forms in your templates (login, connect, disconnect forms) - CSRF protection is now handled automatically
+
 ## [0.24.2](https://github.com/dropseed/plain/releases/plain-oauth@0.24.2) (2025-08-05)
 
 ### What's changed
diff --git a/plain-oauth/pyproject.toml b/plain-oauth/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "plain.oauth"
-version = "0.24.2"
+version = "0.25.0"
 description = "Let users log in with OAuth providers."
 authors = [{name = "Dave Gaeddert", email = "dave.gaeddert@dropseed.dev"}]
 license = "BSD-3-Clause"
diff --git a/uv.lock b/uv.lock
