mirror of https://github.com/django/django.git
22 lines
704 B
Plaintext
22 lines
704 B
Plaintext
|
==========================
|
||
|
Django 1.4.9 release notes
|
||
|
==========================
|
||
|
|
||
|
*October 22, 2013*
|
||
|
|
||
|
Django 1.4.9 fixes a security-related bug in the 1.4 series and one other
|
||
|
data corruption bug.
|
||
|
|
||
|
Readdressed denial-of-service via password hashers
|
||
|
--------------------------------------------------
|
||
|
|
||
|
Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a
|
||
|
denial-of-service attack through submission of bogus but extremely large
|
||
|
passwords. In Django 1.5.5, we've reverted this change and instead improved
|
||
|
the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
|
||
|
|
||
|
Bugfixes
|
||
|
========
|
||
|
|
||
|
* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).
|