[1.4.x] Added 1.4.9 release notes

Backport of 2eb8f15516 from master
author: Tim Graham <timograham@gmail.com> 2013-09-25 09:33:29 -0400
committer: Tim Graham <timograham@gmail.com> 2013-10-22 20:25:20 -0400
commit: ead7c496a4bdd0eb8e2282ce982e1292846e7c91 (patch)
tree: 94d0f0dc2adf001f95205ce8038966c69f48b0c8
parent: c4f29c91f9ad0fc3982f785f21093ba624ead8f8 (diff)
2 files changed, 22 insertions, 1 deletions
diff --git a/docs/releases/1.4.9.txt b/docs/releases/1.4.9.txt
new file mode 100644
index 0000000000..de66eb78f8
--- /dev/null
+++ b/docs/releases/1.4.9.txt
@@ -0,0 +1,21 @@
+==========================
+Django 1.4.9 release notes
+==========================
+
+*October 22, 2013*
+
+Django 1.4.9 fixes a security-related bug in the 1.4 series and one other
+data corruption bug.
+
+Readdressed denial-of-service via password hashers
+--------------------------------------------------
+
+Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a
+denial-of-service attack through submission of bogus but extremely large
+passwords. In Django 1.5.5, we've reverted this change and instead improved
+the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
+
+Bugfixes
+========
+
+* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).
diff --git a/docs/releases/index.txt b/docs/releases/index.txt
index 56b1155fac..4673b5a302 100644
--- a/docs/releases/index.txt
+++ b/docs/releases/index.txt
@@ -14,12 +14,12 @@ up to and including the new version.
 Final releases
 ==============
 
-
 1.4 release
 -----------
 .. toctree::
    :maxdepth: 1
 
+   1.4.9
    1.4.8
    1.4.7
    1.4.6
author	Tim Graham <timograham@gmail.com>	2013-09-25 09:33:29 -0400
committer	Tim Graham <timograham@gmail.com>	2013-10-22 20:25:20 -0400
commit	ead7c496a4bdd0eb8e2282ce982e1292846e7c91 (patch)
tree	94d0f0dc2adf001f95205ce8038966c69f48b0c8
parent	c4f29c91f9ad0fc3982f785f21093ba624ead8f8 (diff)