mirror of https://github.com/django/django.git
[1.5.x] Added 1.5.5 and 1.4.9 release notes
Backport of 2eb8f15516 from master
parent
26d1496f90
commit
6e41392838
|
@ -0,0 +1,21 @@
|
|||
==========================
|
||||
Django 1.4.9 release notes
|
||||
==========================
|
||||
|
||||
*October 22, 2013*
|
||||
|
||||
Django 1.4.9 fixes a security-related bug in the 1.4 series and one other
|
||||
data corruption bug.
|
||||
|
||||
Readdressed denial-of-service via password hashers
|
||||
--------------------------------------------------
|
||||
|
||||
Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a
|
||||
denial-of-service attack through submission of bogus but extremely large
|
||||
passwords. In Django 1.5.5, we've reverted this change and instead improved
|
||||
the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
|
||||
|
||||
Bugfixes
|
||||
========
|
||||
|
||||
* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).
|
|
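Review bot: The password-hasher paragraph in the 1.4.9 notes says "In Django 1.5.5, we've reverted this change", which looks copied from the 1.5.5 file; since the preceding sentence refers to Django 1.4.8, this should read "In Django 1.4.9". Separately, the intro's "a security-related bug in the 1.4 series and one other data corruption bug" reads as if the security fix were also a data corruption bug; "and one data corruption bug" would avoid that.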
@ -0,0 +1,33 @@
|
|||
==========================
|
||||
Django 1.5.5 release notes
|
||||
==========================
|
||||
|
||||
*October 22, 2013*
|
||||
|
||||
Django 1.5.5 fixes a couple security-related bugs and several other bugs in the
|
||||
1.5 series.
|
||||
|
||||
Readdressed denial-of-service via password hashers
|
||||
--------------------------------------------------
|
||||
|
||||
Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a
|
||||
denial-of-service attack through submission of bogus but extremely large
|
||||
passwords. In Django 1.5.5, we've reverted this change and instead improved
|
||||
the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
|
||||
|
||||
Properly rotate CSRF token on login
|
||||
-----------------------------------
|
||||
|
||||
This behavior introduced as a security hardening measure in Django 1.5.2 did
|
||||
not work properly and is now fixed.
|
||||
|
||||
Bugfixes
|
||||
========
|
||||
|
||||
* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).
|
||||
* Fixed a Python 3 incompatability in ``django.utils.text.unescape_entities()``
|
||||
(#21185).
|
||||
* Fixed a couple data corruption issues with ``QuerySet`` edge cases under
|
||||
Oracle and MySQL (#21203, #21126).
|
||||
* Fixed crashes when using combinations of ``annotate()``,
|
||||
``select_related()``, and ``only()`` (#16436).
|
|
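Review bot: The "Properly rotate CSRF token on login" paragraph only says the 1.5.2 hardening "did not work properly", so a reader on 1.5.2 through 1.5.4 cannot tell what was actually missing; one sentence stating what failed (for example, whether the token was not rotated at all on login) would let them judge the urgency of upgrading. Also, "incompatability" in the ``unescape_entities()`` bullet should be spelled "incompatibility".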
@ -22,6 +22,7 @@ Final releases
|
|||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
1.5.5
|
||||
1.5.4
|
||||
1.5.3
|
||||
1.5.2
|
||||
|
@ -33,6 +34,7 @@ Final releases
|
|||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
1.4.9
|
||||
1.4.8
|
||||
1.4.7
|
||||
1.4.6
|
||||
|
|