[1.5.x] Cleaned up 1.5.4/1.4.8 release notes

Backport of 8d29005524 from master
2025-10-31 09:41:08 +00:00 · 2013-09-15 14:14:26 -04:00
parent ae5f4a04b4
commit 12a30e9221
7 changed files with 60 additions and 21 deletions
--- a/docs/howto/error-reporting.txt
+++ b/docs/howto/error-reporting.txt
@@ -119,6 +119,8 @@ Filtering error reports
 Filtering sensitive information
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .. currentmodule:: django.views.decorators.debug
 Error reports are really helpful for debugging errors, so it is generally
 useful to record as much relevant information about those errors as possible.
 For example, by default Django records the `full traceback`_ for the
@@ -246,11 +248,13 @@ attribute::
            request.exception_reporter_filter = CustomExceptionReporterFilter()
        ...
 .. currentmodule:: django.views.debug
 Your custom filter class needs to inherit from
 :class:`django.views.debug.SafeExceptionReporterFilter` and may override the
 following methods:
-.. class:: django.views.debug.SafeExceptionReporterFilter
+.. class:: SafeExceptionReporterFilter
 .. method:: SafeExceptionReporterFilter.is_active(self, request)
--- a/docs/releases/1.4-alpha-1.txt
+++ b/docs/releases/1.4-alpha-1.txt
@@ -337,9 +337,10 @@ docs </ref/contrib/csrf>` for more information.
 Error report filtering
 ~~~~~~~~~~~~~~~~~~~~~~
-Two new function decorators, :func:`sensitive_variables` and
+We added two function decorators,
-:func:`sensitive_post_parameters`, were added to allow designating the
+:func:`~django.views.decorators.debug.sensitive_variables` and
-local variables and POST parameters which may contain sensitive
+:func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
 designating the local variables and POST parameters that may contain sensitive
 information and should be filtered out of error reports.
 All POST parameters are now systematically filtered out of error reports for
--- a/docs/releases/1.4-beta-1.txt
+++ b/docs/releases/1.4-beta-1.txt
@@ -375,9 +375,10 @@ docs </ref/contrib/csrf>` for more information.
 Error report filtering
 ~~~~~~~~~~~~~~~~~~~~~~
-Two new function decorators, :func:`sensitive_variables` and
+We added two function decorators,
-:func:`sensitive_post_parameters`, were added to allow designating the
+:func:`~django.views.decorators.debug.sensitive_variables` and
-local variables and POST parameters which may contain sensitive
+:func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
 designating the local variables and POST parameters that may contain sensitive
 information and should be filtered out of error reports.
 All POST parameters are now systematically filtered out of error reports for
--- a/docs/releases/1.4.8.txt
+++ b/docs/releases/1.4.8.txt
@@ -1,21 +1,32 @@
 ==========================
-Django 1.4.7 release notes
+Django 1.4.8 release notes
 ==========================
 *September 14, 2013*
-Django 1.4.8 fixes one security issue present in previous Django releases in
+Django 1.4.8 fixes two security issues present in previous Django releases in
 the 1.4 series.
 Denial-of-service via password hashers
 --------------------------------------
-In previous versions of Django no limit was imposed on the plaintext
+In previous versions of Django, no limit was imposed on the plaintext
-length of a password. This allows a denial-of-service attack through
+length of a password. This allowed a denial-of-service attack through
 submission of bogus but extremely large passwords, tying up server
 resources performing the (expensive, and increasingly expensive with
 the length of the password) calculation of the corresponding hash.
 As of 1.4.8, Django's authentication framework imposes a 4096-byte
-limit on passwords, and will fail authentication with any submitted
+limit on passwords and will fail authentication with any submitted
 password of greater length.
 Corrected usage of :func:`~django.views.decorators.debug.sensitive_post_parameters` in :mod:`django.contrib.auth`’s admin
 -------------------------------------------------------------------------------------------------------------------------
 The decoration of the ``add_view`` and ``user_change_password`` user admin
 views with :func:`~django.views.decorators.debug.sensitive_post_parameters`
 did not include :func:`~django.utils.decorators.method_decorator` (required
 since the views are methods) resulting in the decorator not being properly
 applied. This usage has been fixed and
 :func:`~django.views.decorators.debug.sensitive_post_parameters` will now
 throw an exception if it's improperly used.
--- a/docs/releases/1.4.txt
+++ b/docs/releases/1.4.txt
@@ -507,10 +507,11 @@ docs </ref/contrib/csrf>` for more information.
 Error report filtering
 ~~~~~~~~~~~~~~~~~~~~~~
-We added two function decorators, :func:`sensitive_variables` and
+We added two function decorators,
-:func:`sensitive_post_parameters`, to allow designating the local variables
+:func:`~django.views.decorators.debug.sensitive_variables` and
-and POST parameters that may contain sensitive information and should be
+:func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
-filtered out of error reports.
+designating the local variables and POST parameters that may contain sensitive
 information and should be filtered out of error reports.
 All POST parameters are now systematically filtered out of error reports for
 certain views (``login``, ``password_reset_confirm``, ``password_change`` and
--- a/docs/releases/1.5.4.txt
+++ b/docs/releases/1.5.4.txt
@@ -1,21 +1,40 @@
 ==========================
-Django 1.5.3 release notes
+Django 1.5.4 release notes
 ==========================
 *September 14, 2013*
 This is Django 1.5.4, the fourth release in the Django 1.5 series. It addresses
-one security issue.
+two security issues and one bug.
 Denial-of-service via password hashers
 --------------------------------------
-In previous versions of Django no limit was imposed on the plaintext
+In previous versions of Django, no limit was imposed on the plaintext
-length of a password. This allows a denial-of-service attack through
+length of a password. This allowed a denial-of-service attack through
 submission of bogus but extremely large passwords, tying up server
 resources performing the (expensive, and increasingly expensive with
 the length of the password) calculation of the corresponding hash.
-As of 1.5.3, Django's authentication framework imposes a 4096-byte
+As of 1.5.4, Django's authentication framework imposes a 4096-byte
 limit on passwords, and will fail authentication with any submitted
 password of greater length.
 Corrected usage of :func:`~django.views.decorators.debug.sensitive_post_parameters` in :mod:`django.contrib.auth`’s admin
 -------------------------------------------------------------------------------------------------------------------------
 The decoration of the ``add_view`` and ``user_change_password`` user admin
 views with :func:`~django.views.decorators.debug.sensitive_post_parameters`
 did not include :func:`~django.utils.decorators.method_decorator` (required
 since the views are methods) resulting in the decorator not being properly
 applied. This usage has been fixed and
 :func:`~django.views.decorators.debug.sensitive_post_parameters` will now
 throw an exception if it's improperly used.
 Bugfixes
 ========
 * Fixed a bug that prevented a ``QuerySet`` that uses
  :meth:`~django.db.models.query.QuerySet.prefetch_related` from being pickled
  and unpickled more than once (the second pickling attempt raised an
  exception) (#21102).
--- a/docs/releases/index.txt
+++ b/docs/releases/index.txt
@@ -22,6 +22,7 @@ Final releases
 .. toctree::
   :maxdepth: 1
   1.5.4
   1.5.3
   1.5.2
   1.5.1
@@ -32,6 +33,7 @@ Final releases
 .. toctree::
   :maxdepth: 1
   1.4.8
   1.4.7
   1.4.6
   1.4.5