diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/internals/howto-release-django.txt | 7 | ||||
| -rw-r--r-- | docs/releases/1.6.txt | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/docs/internals/howto-release-django.txt b/docs/internals/howto-release-django.txt index 5bda2e8add..1bd357ee2d 100644 --- a/docs/internals/howto-release-django.txt +++ b/docs/internals/howto-release-django.txt @@ -88,6 +88,13 @@ any time leading up to the actual release: emails at *FIXME WHERE?*. This email should be signed by the key you'll use for the release, and should include patches for each issue being fixed. +#. If this is a major release, make sure the tests pass, then increase + the default PBKDF2 iterations in + ``django.contrib.auth.hashers.PBKDF2PasswordHasher`` by about 10% + (pick a round number). Run the tests, and update the 3 failing + hasher tests with the new values. Make sure this gets noted in the + release notes (see release notes on 1.6 for an example). + #. As the release approaches, watch Trac to make sure no release blockers are left for the upcoming release. diff --git a/docs/releases/1.6.txt b/docs/releases/1.6.txt index ff71c1ce4e..073bd81323 100644 --- a/docs/releases/1.6.txt +++ b/docs/releases/1.6.txt @@ -365,6 +365,13 @@ Minor features a list (except on SQLite). This has long been possible (but not officially supported) on MySQL and PostgreSQL, and is now also available on Oracle. +* The default iteration count for the PBKDF2 password hasher has been + increased by 20%. This backwards compatible change will not affect + existing passwords or users who have subclassed + `django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the + default value. + + Backwards incompatible changes in 1.6 ===================================== |
