From da4923ea87124102aae4455e947ce24599c0365b Mon Sep 17 00:00:00 2001 From: Claude Paroz Date: Fri, 17 Jan 2020 10:09:55 +0100 Subject: Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm. --- docs/internals/deprecation.txt | 3 +++ docs/releases/3.1.txt | 3 +++ 2 files changed, 6 insertions(+) (limited to 'docs') diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt index db6df0fbbe..6b94bc1a3a 100644 --- a/docs/internals/deprecation.txt +++ b/docs/internals/deprecation.txt @@ -49,6 +49,9 @@ details on these changes. * Support for the pre-Django 3.1 encoding format of cookies values used by ``django.contrib.messages.storage.cookie.CookieStorage`` will be removed. +* Support for the pre-Django 3.1 password reset tokens in the admin site (that + use the SHA-1 hashing algorithm) will be removed. + See the :ref:`Django 3.1 release notes ` for more details on these changes. diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt index 6bf57e0de3..df7aad8dd2 100644 --- a/docs/releases/3.1.txt +++ b/docs/releases/3.1.txt @@ -56,6 +56,9 @@ Minor features instead of deprecated ``PASSWORD_RESET_TIMEOUT_DAYS``, which will be removed in Django 4.0. +* The password reset mechanism now uses the SHA-256 hashing algorithm. Support + for tokens that use the old hashing algorithm remains until Django 4.0. + :mod:`django.contrib.contenttypes` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.3