summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/internals/deprecation.txt3
-rw-r--r--docs/releases/3.1.txt8
-rw-r--r--docs/topics/signing.txt15
3 files changed, 23 insertions, 3 deletions
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt
index 257b9a3bf4..76b379ef5a 100644
--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@@ -54,6 +54,9 @@ details on these changes.
* Support for the pre-Django 3.1 encoding format of sessions will be removed.
+* Support for the pre-Django 3.1 ``django.core.signing.Signer`` signatures
+ (encoded with the SHA-1 algorithm) will be removed.
+
* The ``get_request`` argument for
``django.utils.deprecation.MiddlewareMixin.__init__()`` will be required and
won't accept ``None``.
diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt
index 384fa43dfb..55f539d534 100644
--- a/docs/releases/3.1.txt
+++ b/docs/releases/3.1.txt
@@ -404,6 +404,14 @@ Security
origins. If you need the previous behavior, explicitly set
:setting:`SECURE_REFERRER_POLICY` to ``None``.
+* The default :class:`django.core.signing.Signer` algorithm is changed to the
+ SHA-256. Support for signatures made with the old SHA-1 algorithm remains
+ until Django 4.0.
+
+ Also, the new ``algorithm`` parameter of the
+ :class:`~django.core.signing.Signer` allows customizing the hashing
+ algorithm.
+
Serialization
~~~~~~~~~~~~~
diff --git a/docs/topics/signing.txt b/docs/topics/signing.txt
index 5fa537c579..7927333914 100644
--- a/docs/topics/signing.txt
+++ b/docs/topics/signing.txt
@@ -81,12 +81,17 @@ generate signatures. You can use a different secret by passing it to the
>>> value
'My string:EkfQJafvGyiofrdGnuthdxImIJw'
-.. class:: Signer(key=None, sep=':', salt=None)
+.. class:: Signer(key=None, sep=':', salt=None, algorithm='sha256')
Returns a signer which uses ``key`` to generate signatures and ``sep`` to
separate values. ``sep`` cannot be in the `URL safe base64 alphabet
<https://tools.ietf.org/html/rfc4648#section-5>`_. This alphabet contains
- alphanumeric characters, hyphens, and underscores.
+ alphanumeric characters, hyphens, and underscores. ``algorithm`` must be an
+ algorithm supported by :py:mod:`hashlib`.
+
+ .. versionchanged:: 3.1
+
+ The ``algorithm`` parameter was added.
Using the ``salt`` argument
---------------------------
@@ -139,7 +144,7 @@ created within a specified period of time::
>>> signer.unsign(value, max_age=timedelta(seconds=20))
'hello'
-.. class:: TimestampSigner(key=None, sep=':', salt=None)
+.. class:: TimestampSigner(key=None, sep=':', salt=None, algorithm='sha256')
.. method:: sign(value)
@@ -151,6 +156,10 @@ created within a specified period of time::
otherwise raises ``SignatureExpired``. The ``max_age`` parameter can
accept an integer or a :py:class:`datetime.timedelta` object.
+ .. versionchanged:: 3.1
+
+ The ``algorithm`` parameter was added.
+
Protecting complex data structures
----------------------------------