diff options
| author | Tim Graham <timograham@gmail.com> | 2013-09-25 09:33:29 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2013-10-22 17:41:10 -0400 |
| commit | 2eb8f15516089e9b2ab34d9f4eb7a4a3a65ac63e (patch) | |
| tree | 9e6eda31d8c7ebe4cb9009bcc4f4961fc8c65804 | |
| parent | 9704c49d5951aadbfc03624e399d881ebf7a3eb5 (diff) | |
Added 1.5.5 and 1.4.9 release notes
| -rw-r--r-- | docs/releases/1.4.9.txt | 21 | ||||
| -rw-r--r-- | docs/releases/1.5.5.txt | 33 | ||||
| -rw-r--r-- | docs/releases/index.txt | 2 |
3 files changed, 56 insertions, 0 deletions
diff --git a/docs/releases/1.4.9.txt b/docs/releases/1.4.9.txt new file mode 100644 index 0000000000..de66eb78f8 --- /dev/null +++ b/docs/releases/1.4.9.txt @@ -0,0 +1,21 @@ +========================== +Django 1.4.9 release notes +========================== + +*October 22, 2013* + +Django 1.4.9 fixes a security-related bug in the 1.4 series and one other +data corruption bug. + +Readdressed denial-of-service via password hashers +-------------------------------------------------- + +Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a +denial-of-service attack through submission of bogus but extremely large +passwords. In Django 1.5.5, we've reverted this change and instead improved +the speed of our PBKDF2 algorithm by not rehashing the key on every iteration. + +Bugfixes +======== + +* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256). diff --git a/docs/releases/1.5.5.txt b/docs/releases/1.5.5.txt new file mode 100644 index 0000000000..9e1cf97cc9 --- /dev/null +++ b/docs/releases/1.5.5.txt @@ -0,0 +1,33 @@ +========================== +Django 1.5.5 release notes +========================== + +*October 22, 2013* + +Django 1.5.5 fixes a couple security-related bugs and several other bugs in the +1.5 series. + +Readdressed denial-of-service via password hashers +-------------------------------------------------- + +Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a +denial-of-service attack through submission of bogus but extremely large +passwords. In Django 1.5.5, we've reverted this change and instead improved +the speed of our PBKDF2 algorithm by not rehashing the key on every iteration. + +Properly rotate CSRF token on login +----------------------------------- + +This behavior introduced as a security hardening measure in Django 1.5.2 did +not work properly and is now fixed. + +Bugfixes +======== + +* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256). +* Fixed a Python 3 incompatability in ``django.utils.text.unescape_entities()`` + (#21185). +* Fixed a couple data corruption issues with ``QuerySet`` edge cases under + Oracle and MySQL (#21203, #21126). +* Fixed crashes when using combinations of ``annotate()``, + ``select_related()``, and ``only()`` (#16436). diff --git a/docs/releases/index.txt b/docs/releases/index.txt index a0fe22e9bb..a93f3a6301 100644 --- a/docs/releases/index.txt +++ b/docs/releases/index.txt @@ -36,6 +36,7 @@ Final releases .. toctree:: :maxdepth: 1 + 1.5.5 1.5.4 1.5.3 1.5.2 @@ -47,6 +48,7 @@ Final releases .. toctree:: :maxdepth: 1 + 1.4.9 1.4.8 1.4.7 1.4.6 |
