test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[1.6.x] Added 1.5.5 and 1.4.9 release notes 

Backport of 2eb8f15516 from master
This commit is contained in:
Tim Graham 2013-09-25 09:33:29 -04:00
parent 4499dc81e2
commit 2e74d6cb53
3 changed files with 56 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/releases/1.4.9.txt Normal file
View File

@ -0,0 +1,21 @@
==========================
Django 1.4.9 release notes
==========================
*October 22, 2013*
Django 1.4.9 fixes a security-related bug in the 1.4 series and one other
data corruption bug.
Readdressed denial-of-service via password hashers
--------------------------------------------------
Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a
denial-of-service attack through submission of bogus but extremely large
passwords. In Django 1.5.5, we've reverted this change and instead improved
the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
Bugfixes
========
* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).

33
docs/releases/1.5.5.txt Normal file
View File

@ -0,0 +1,33 @@
==========================
Django 1.5.5 release notes
==========================
*October 22, 2013*
Django 1.5.5 fixes a couple security-related bugs and several other bugs in the
1.5 series.
Readdressed denial-of-service via password hashers
--------------------------------------------------
Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a
denial-of-service attack through submission of bogus but extremely large
passwords. In Django 1.5.5, we've reverted this change and instead improved
the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
Properly rotate CSRF token on login
-----------------------------------
This behavior introduced as a security hardening measure in Django 1.5.2 did
not work properly and is now fixed.
Bugfixes
========
* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).
* Fixed a Python 3 incompatability in ``django.utils.text.unescape_entities()``
(#21185).
* Fixed a couple data corruption issues with ``QuerySet`` edge cases under
Oracle and MySQL (#21203, #21126).
* Fixed crashes when using combinations of ``annotate()``,
``select_related()``, and ``only()`` (#16436).

2
docs/releases/index.txt
View File

@ -29,6 +29,7 @@ Final releases
.. toctree::
:maxdepth: 1
1.5.5
1.5.4
1.5.3
1.5.2
@ -40,6 +41,7 @@ Final releases
.. toctree::
:maxdepth: 1
1.4.9
1.4.8
1.4.7
1.4.6