[1.6.x] Added 1.5.5 and 1.4.9 release notes

Backport of 2eb8f15516 from master
2025-11-07 07:15:35 +00:00 · 2013-09-25 09:33:29 -04:00
parent 4499dc81e2
commit 2e74d6cb53
3 changed files with 56 additions and 0 deletions
--- a/docs/releases/1.4.9.txt
+++ b/docs/releases/1.4.9.txt
@@ -0,0 +1,21 @@
+==========================
+Django 1.4.9 release notes
+==========================
+
+*October 22, 2013*
+
+Django 1.4.9 fixes a security-related bug in the 1.4 series and one other
+data corruption bug.
+
+Readdressed denial-of-service via password hashers
+--------------------------------------------------
+
+Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a
+denial-of-service attack through submission of bogus but extremely large
+passwords. In Django 1.5.5, we've reverted this change and instead improved
+the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
+
+Bugfixes
+========
+
+* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).