From da7910d4834726eca596af0a830762fa5fb2dfd9 Mon Sep 17 00:00:00 2001 From: Marti Raudsepp Date: Mon, 24 Oct 2016 15:22:00 -0400 Subject: Fixed CVE-2016-9013 -- Generated a random database user password when running tests on Oracle. This is a security fix. --- docs/ref/settings.txt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'docs/ref') diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index a5d8205ba4..494988cc62 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -794,7 +794,12 @@ Default: ``None`` This is an Oracle-specific setting. The password to use when connecting to the Oracle database that will be used -when running tests. If not provided, Django will use a hardcoded default value. +when running tests. If not provided, Django will generate a random password. + +.. versionchanged:: 1.11 + + Older versions used a hardcoded default password. This was also changed + in 1.10.3, 1.9.11, and 1.8.16 to fix possible security implications. .. setting:: TEST_TBLSPACE -- cgit v1.3