[1.9.x] Fixed CVE-2016-9013 -- Generated a random database user password when running tests on Oracle.

This is a security fix.
author: Marti Raudsepp <marti@juffo.org> 2016-10-24 15:22:00 -0400
committer: Tim Graham <timograham@gmail.com> 2016-10-25 14:31:42 -0400
commit: 4844d86c7728c1a5a3bbce4ad336a8d32304072b (patch)
tree: 19f1389db21cb1272887a6767636c2833f6ec2e4 /docs/ref/settings.txt
parent: 2ed85c18730fc8f1f527ba3dcbe0191f9a1b7564 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index a139f21eba..63aca2e978 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -814,7 +814,12 @@ Default: ``None``
 This is an Oracle-specific setting.
 
 The password to use when connecting to the Oracle database that will be used
-when running tests. If not provided, Django will use a hardcoded default value.
+when running tests. If not provided, Django will generate a random password.
+
+.. versionchanged:: 1.9.11
+
+    Older versions used a hardcoded default password. This was also changed
+    in 1.8.16 to fix possible security implications.
 
 .. setting:: TEST_TBLSPACE
author	Marti Raudsepp <marti@juffo.org>	2016-10-24 15:22:00 -0400
committer	Tim Graham <timograham@gmail.com>	2016-10-25 14:31:42 -0400
commit	4844d86c7728c1a5a3bbce4ad336a8d32304072b (patch)
tree	19f1389db21cb1272887a6767636c2833f6ec2e4 /docs/ref/settings.txt
parent	2ed85c18730fc8f1f527ba3dcbe0191f9a1b7564 (diff)