chango.git, branch 1.4.8

chango.git, branch 1.4.8 django http://cgit.adnoto.dev/chango.git/atom?h=1.4.8 2013-09-15T06:02:38Z [1.4.x] Removed usage of b"" string syntax for Python 2.5 compatibility. 2013-09-15T06:02:38Z Russell Keith-Magee russell@keith-magee.com 2013-09-15T06:02:38Z urn:sha1:6903d1690a92aa040adfb0c8eb37cf62e4206714 Refs commit 3f3d887a6844ec2db743fee64c9e53e04d39a368. [1.4.x] Add release notes and bump version numbers for 1.4.8 security release. 2013-09-15T05:53:07Z James Bennett james@b-list.org 2013-09-15T05:53:07Z urn:sha1:3ffc7b52f8704443ef0c20f34bb50c9144898ef7 [1.4.x] Ensure that passwords are never long enough for a DoS. 2013-09-15T05:49:16Z Russell Keith-Magee russell@keith-magee.com 2013-09-15T05:49:16Z urn:sha1:3f3d887a6844ec2db743fee64c9e53e04d39a368 * Limit the password length to 4096 bytes * Password hashers will raise a ValueError * django.contrib.auth forms will fail validation * Document in release notes that this is a backwards incompatible change Thanks to Josh Wright for the report, and Donald Stufft for the patch. This is a security fix; disclosure to follow shortly. Backport of aae5a96d5754ad34e48b7f673ef2411a3bbc1015 from master. Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth 2013-09-13T14:18:55Z Tim Graham timograham@gmail.com 2013-08-02T18:46:17Z urn:sha1:75d2bcda10f00366e6d847f2c90db3e772433e46 Thanks Collin Anderson for the report. Backport of 425d076d0c from master [1.4.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH. 2013-09-11T12:18:56Z Tim Graham timograham@gmail.com 2013-09-11T12:17:15Z urn:sha1:cca302cde6b524992d89add9b9f293d86ac8fba0 Thanks EvilDMP for the report and Russell Keith-Magee for the draft text. Backport of da843e7dba from master Merge pull request #1616 from loic/fix1.4 2013-09-11T11:30:45Z Florian Apolloner florian@apolloner.eu 2013-09-11T11:30:45Z urn:sha1:434d122a74647c647f906aaabe235ae62601682d Fixed failing test introduced by 87d2750b39. [1.4.x] Bump version post-release. 2013-09-11T11:06:09Z Tim Graham timograham@gmail.com 2013-09-11T11:02:07Z urn:sha1:fba6af5a1ed5924f400666f6747e706a20cceadc Fixed failing test introduced by 87d2750b39. 2013-09-11T11:05:39Z Loic Bistuer loic.bistuer@sixmedia.com 2013-09-11T11:05:39Z urn:sha1:3203f684e8e51cbfa1b39d7b6a56e340981ad4d5 The {% ssi %} tag in Django 1.4 doesn't support spaces in its argument. Skip the test if run from a location that contains a space. [1.4.x] Bump version numbers for 1.4.7 security release. 2013-09-11T01:15:38Z James Bennett james@b-list.org 2013-09-11T01:15:38Z urn:sha1:701c1a11bc1ea94e48199f4c0711472fbcfd99c3 Added 1.4.7 release notes 2013-09-11T01:09:47Z Tim Graham timograham@gmail.com 2013-08-23T10:49:37Z urn:sha1:d1dc8a0d009436c76321f0a70addf679ebf6ff56 Backport of baec6a26dd from master