summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorClaude Paroz <claude@2xlibre.net>2020-01-17 10:09:55 +0100
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2020-02-12 21:46:56 +0100
commitda4923ea87124102aae4455e947ce24599c0365b (patch)
treec2bb4329144e9a384b3b671095c1c7a1bbcac2cb /docs
parent27f67317da73f97fbe61444d5a3633584fc4f644 (diff)
Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm.
Diffstat (limited to 'docs')
-rw-r--r--docs/internals/deprecation.txt3
-rw-r--r--docs/releases/3.1.txt3
2 files changed, 6 insertions, 0 deletions
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt
index db6df0fbbe..6b94bc1a3a 100644
--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@@ -49,6 +49,9 @@ details on these changes.
* Support for the pre-Django 3.1 encoding format of cookies values used by
``django.contrib.messages.storage.cookie.CookieStorage`` will be removed.
+* Support for the pre-Django 3.1 password reset tokens in the admin site (that
+ use the SHA-1 hashing algorithm) will be removed.
+
See the :ref:`Django 3.1 release notes <deprecated-features-3.1>` for more
details on these changes.
diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt
index 6bf57e0de3..df7aad8dd2 100644
--- a/docs/releases/3.1.txt
+++ b/docs/releases/3.1.txt
@@ -56,6 +56,9 @@ Minor features
instead of deprecated ``PASSWORD_RESET_TIMEOUT_DAYS``, which will be removed
in Django 4.0.
+* The password reset mechanism now uses the SHA-256 hashing algorithm. Support
+ for tokens that use the old hashing algorithm remains until Django 4.0.
+
:mod:`django.contrib.contenttypes`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~