path: root/docs/releases/6.1.txt
Diffstat (limited to 'docs/releases/6.1.txt')
-rw-r--r-- docs/releases/6.1.txt 13
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/releases/6.1.txt b/docs/releases/6.1.txt
index f9fb779ff3..7ef149f40c 100644
--- a/docs/releases/6.1.txt
+++ b/docs/releases/6.1.txt
@@ -331,6 +331,13 @@ Requests and Responses
the :func:`~django.shortcuts.redirect` shortcut, now accept a ``max_length``
parameter to override the default maximum URL length limit.
+Security
+~~~~~~~~
+
+* Signed cookies now use an unambiguous salt derivation by default. Set
+ :setting:`SIGNED_COOKIE_LEGACY_SALT_FALLBACK` to ``True`` to continue
+ accepting legacy signed cookies.
+
Serialization
~~~~~~~~~~~~~
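Review bot: The new "Security" entry does not state what happens to cookies signed before the upgrade when the setting is left at its default. Since it says legacy signed cookies are accepted only when ``SIGNED_COOKIE_LEGACY_SALT_FALLBACK`` is ``True``, the note should say explicitly that previously issued signed cookies fail validation by default, so operators can plan for the visible effect on users. "Unambiguous salt derivation" is also undefined here; a short clause or a cross-reference describing what was ambiguous about the legacy derivation would let readers judge whether enabling the fallback is acceptable for their deployment. Because the last hunk of this patch deprecates the same setting, the sentence recommending ``True`` should mention that the fallback is transitional.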
@@ -508,6 +515,9 @@ Miscellaneous
* The minimum supported version of SQLite is increased from 3.31.0 to 3.37.0.
+* The default value of the transitional setting
+ :setting:`SIGNED_COOKIE_LEGACY_SALT_FALLBACK` is now ``False``.
+
* :class:`~django.contrib.contenttypes.fields.GenericForeignKey` now uses a
separate descriptor class: the private ``GenericForeignKeyDescriptor``.
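Review bot: In the added bullet, "is now ``False``" implies an earlier default but does not name it, and the entry gives no hint of the consequence. State the previous value and add a clause such as "legacy signed cookies are rejected unless the setting is enabled", or point to the "Security" entry added in the first hunk so the two notes do not drift apart. If the setting is first introduced in this release rather than changed, "is now" is misleading and the wording should be adjusted.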
@@ -625,6 +635,9 @@ Miscellaneous
* The :setting:`USE_BLANK_CHOICE_DASH` transitional setting is deprecated.
+* The :setting:`SIGNED_COOKIE_LEGACY_SALT_FALLBACK` transitional setting is
+ deprecated.
+
* The undocumented ``get_placeholder`` method of
:class:`~django.db.models.Field` is deprecated in favor of the newly
introduced ``get_placeholder_sql`` method, which has the same input signature
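Review bot: The deprecation bullet for ``SIGNED_COOKIE_LEGACY_SALT_FALLBACK`` gives no migration guidance, while the first hunk of the same patch tells readers to set it to ``True``. Say what projects that enable the fallback should do before the setting is removed (for example, how long to keep it enabled so that legacy cookies are replaced), and cross-reference the "Security" entry so the recommendation and the deprecation are read together.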