innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
django1/django
History
Russell Keith-Magee aae5a96d57 Ensure that passwords are never long enough for a DoS. 
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.
 		2013-09-15 13:42:23 +08:00
..
bin Removed daily_cleanup.py script as per deprecation TL. 2013-06-28 21:48:16 -03:00
conf Revert "Fixed #12288 -- Validated that app names in INSTALLED_APPS are unique" 2013-09-14 07:19:32 -04:00
contrib Ensure that passwords are never long enough for a DoS. 2013-09-15 13:42:23 +08:00
core Fixed #21097 - Added DatabaseFeature.can_introspect_autofield 2013-09-14 09:48:59 +03:00
db REmoved some unused imports 2013-09-14 12:34:57 -07:00
dispatch Fixed #20943 -- Weakly reference senders when caching their associated receivers 2013-08-21 22:30:45 +01:00
forms Improved deprecation warning for change in form boolean values. 2013-09-10 14:24:34 -04:00
http Fixed #18403 -- Initialized bad_cookies in SimpleCookie 2013-09-10 08:26:54 -04:00
middleware Deprecated SortedDict (replaced with collections.OrderedDict) 2013-08-04 07:09:39 -04:00
shortcuts More import removals 2013-06-29 11:58:36 +02:00
template Prevented arbitrary file inclusion with {% ssi %} tag and relative paths. 2013-09-10 21:02:48 -04:00
templatetags Took advantage of django.utils.six.moves.urllib.*. 2013-09-05 14:39:23 -05:00
test REmoved some unused imports 2013-09-14 12:34:57 -07:00
utils Fixed #21060 -- Refactored admin's autodiscover method to make it reusable. 2013-09-13 20:09:41 -04:00
views Merge pull request #1580 from ianawilson/ticket_16502 2013-09-06 15:31:25 -07:00
__init__.py Master is now pre-1.7. 2013-06-28 08:56:45 -05:00