django/docs/releases/1.4.9.txt

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

22 lines
704 B
Plaintext
Raw Permalink Normal View History

2013-09-25 21:33:29 +08:00
==========================
Django 1.4.9 release notes
==========================
2013-10-24 06:28:41 +08:00
*October 23, 2013*
2013-09-25 21:33:29 +08:00
Django 1.4.9 fixes a security-related bug in the 1.4 series and one other
data corruption bug.
Readdressed denial-of-service via password hashers
==================================================
2013-09-25 21:33:29 +08:00
Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a
denial-of-service attack through submission of bogus but extremely large
2013-10-24 17:11:52 +08:00
passwords. In Django 1.4.9, we've reverted this change and instead improved
2013-09-25 21:33:29 +08:00
the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
Bugfixes
========
* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).