diff options
| author | Claude Paroz <claude@2xlibre.net> | 2020-01-17 10:09:55 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-02-12 21:46:56 +0100 |
| commit | da4923ea87124102aae4455e947ce24599c0365b (patch) | |
| tree | c2bb4329144e9a384b3b671095c1c7a1bbcac2cb /docs | |
| parent | 27f67317da73f97fbe61444d5a3633584fc4f644 (diff) | |
Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/internals/deprecation.txt | 3 | ||||
| -rw-r--r-- | docs/releases/3.1.txt | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt index db6df0fbbe..6b94bc1a3a 100644 --- a/docs/internals/deprecation.txt +++ b/docs/internals/deprecation.txt @@ -49,6 +49,9 @@ details on these changes. * Support for the pre-Django 3.1 encoding format of cookies values used by ``django.contrib.messages.storage.cookie.CookieStorage`` will be removed. +* Support for the pre-Django 3.1 password reset tokens in the admin site (that + use the SHA-1 hashing algorithm) will be removed. + See the :ref:`Django 3.1 release notes <deprecated-features-3.1>` for more details on these changes. diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt index 6bf57e0de3..df7aad8dd2 100644 --- a/docs/releases/3.1.txt +++ b/docs/releases/3.1.txt @@ -56,6 +56,9 @@ Minor features instead of deprecated ``PASSWORD_RESET_TIMEOUT_DAYS``, which will be removed in Django 4.0. +* The password reset mechanism now uses the SHA-256 hashing algorithm. Support + for tokens that use the old hashing algorithm remains until Django 4.0. + :mod:`django.contrib.contenttypes` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
