diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-31 07:33:13 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-31 22:05:02 +0200 |
| commit | 1d6fdca557e674b9a789b51caadca8985e588492 (patch) | |
| tree | 86132a2a630f06698daaed5ab869ce94c5e064f2 /docs | |
| parent | f4ac167119e8897c398527c392ed117326496652 (diff) | |
Refs #27468 -- Added tests and release notes for signing.dumps()/loads() changes.
Follow up to 71c4fb7beb8e3293243140e4bd74e53989196440.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/internals/deprecation.txt | 4 | ||||
| -rw-r--r-- | docs/releases/3.1.txt | 7 | ||||
| -rw-r--r-- | docs/topics/signing.txt | 4 |
3 files changed, 10 insertions, 5 deletions
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt index 826c2ee814..e472d5a443 100644 --- a/docs/internals/deprecation.txt +++ b/docs/internals/deprecation.txt @@ -76,6 +76,10 @@ details on these changes. * Support for the pre-Django 3.1 ``django.core.signing.Signer`` signatures (encoded with the SHA-1 algorithm) will be removed. +* Support for the pre-Django 3.1 ``django.core.signing.dumps()`` signatures + (encoded with the SHA-1 algorithm) in ``django.core.signing.loads()`` will be + removed. + * Support for the pre-Django 3.1 user sessions (that use the SHA-1 algorithm) will be removed. diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt index 22e47c93ae..59980ef310 100644 --- a/docs/releases/3.1.txt +++ b/docs/releases/3.1.txt @@ -418,9 +418,10 @@ Security origins. If you need the previous behavior, explicitly set :setting:`SECURE_REFERRER_POLICY` to ``None``. -* The default :class:`django.core.signing.Signer` algorithm is changed to the - SHA-256. Support for signatures made with the old SHA-1 algorithm remains - until Django 4.0. +* The default algorithm of :class:`django.core.signing.Signer`, + :meth:`django.core.signing.loads`, and :meth:`django.core.signing.dumps` is + changed to the SHA-256. Support for signatures made with the old SHA-1 + algorithm remains until Django 4.0. Also, the new ``algorithm`` parameter of the :class:`~django.core.signing.Signer` allows customizing the hashing diff --git a/docs/topics/signing.txt b/docs/topics/signing.txt index 43d1b00c4a..b015f4bd87 100644 --- a/docs/topics/signing.txt +++ b/docs/topics/signing.txt @@ -187,8 +187,8 @@ and tuples) if you pass in a tuple, you will get a list from .. function:: dumps(obj, key=None, salt='django.core.signing', serializer=JSONSerializer, compress=False) - Returns URL-safe, sha1 signed base64 compressed JSON string. Serialized - object is signed using :class:`~TimestampSigner`. + Returns URL-safe, signed base64 compressed JSON string. Serialized object + is signed using :class:`~TimestampSigner`. .. function:: loads(string, key=None, salt='django.core.signing', serializer=JSONSerializer, max_age=None) |
