django/docs/releases/1.4.9.txt

==========================
Django 1.4.9 release notes
==========================

*October 23, 2013*

Django 1.4.9 fixes a security-related bug in the 1.4 series and one other
data corruption bug.

Readdressed denial-of-service via password hashers
--------------------------------------------------

Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a
denial-of-service attack through submission of bogus but extremely large
passwords. In Django 1.4.9, we've reverted this change and instead improved
the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.

Bugfixes
========

* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).
Added 1.5.5 and 1.4.9 release notes 2013-09-25 21:33:29 +08:00			`==========================`
			`Django 1.4.9 release notes`
			`==========================`

Bumped release date for 1.5.5 & 1.4.9. 2013-10-24 06:28:41 +08:00			`October 23, 2013`
Added 1.5.5 and 1.4.9 release notes 2013-09-25 21:33:29 +08:00
			`Django 1.4.9 fixes a security-related bug in the 1.4 series and one other`
			`data corruption bug.`

			`Readdressed denial-of-service via password hashers`
			`--------------------------------------------------`

			`Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a`
			`denial-of-service attack through submission of bogus but extremely large`
Fixed typo in docs/releases/1.4.9.txt. 2013-10-24 17:11:52 +08:00			`passwords. In Django 1.4.9, we've reverted this change and instead improved`
Added 1.5.5 and 1.4.9 release notes 2013-09-25 21:33:29 +08:00			`the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.`

			`Bugfixes`
			`========`

			* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).