mirror of https://github.com/django/django.git, synced 2025-10-25 06:36:07 +00:00
			
		
		
		
	[1.6.x] Added 1.5.5 and 1.4.9 release notes
Backport of 2eb8f15516 from master
			
			
docs/releases/1.4.9.txt (Normal file)
							| @@ -0,0 +1,21 @@ | ||||
| ========================== | ||||
| Django 1.4.9 release notes | ||||
| ========================== | ||||
|  | ||||
| *October 22, 2013* | ||||
|  | ||||
| Django 1.4.9 fixes a security-related bug in the 1.4 series and one other | ||||
| data corruption bug. | ||||
|  | ||||
| Readdressed denial-of-service via password hashers | ||||
| -------------------------------------------------- | ||||
|  | ||||
| Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a | ||||
| denial-of-service attack through submission of bogus but extremely large | ||||
| passwords. In Django 1.5.5, we've reverted this change and instead improved | ||||
| the speed of our PBKDF2 algorithm by not rehashing the key on every iteration. | ||||
|  | ||||
| Bugfixes | ||||
| ======== | ||||
|  | ||||
| * Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256). | ||||
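Review bot: The second sentence of the "Readdressed denial-of-service via password hashers" paragraph names the wrong release. This file is the 1.4.9 notes and the preceding sentence refers to Django 1.4.8, yet the text reads "In Django 1.5.5, we've reverted this change"; it should read "In Django 1.4.9". Since the paragraph reverts the 4096-byte limit, it would also help to state plainly that the limit is no longer enforced after upgrading, so anyone who relied on it for input-size control knows to look elsewhere.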
							
								
								
									
docs/releases/1.5.5.txt (Normal file)
							| @@ -0,0 +1,33 @@ | ||||
| ========================== | ||||
| Django 1.5.5 release notes | ||||
| ========================== | ||||
|  | ||||
| *October 22, 2013* | ||||
|  | ||||
| Django 1.5.5 fixes a couple security-related bugs and several other bugs in the | ||||
| 1.5 series. | ||||
|  | ||||
| Readdressed denial-of-service via password hashers | ||||
| -------------------------------------------------- | ||||
|  | ||||
| Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a | ||||
| denial-of-service attack through submission of bogus but extremely large | ||||
| passwords. In Django 1.5.5, we've reverted this change and instead improved | ||||
| the speed of our PBKDF2 algorithm by not rehashing the key on every iteration. | ||||
|  | ||||
| Properly rotate CSRF token on login | ||||
| ----------------------------------- | ||||
|  | ||||
| This behavior introduced as a security hardening measure in Django 1.5.2 did | ||||
| not work properly and is now fixed. | ||||
|  | ||||
| Bugfixes | ||||
| ======== | ||||
|  | ||||
| * Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256). | ||||
| * Fixed a Python 3 incompatability in ``django.utils.text.unescape_entities()`` | ||||
|   (#21185). | ||||
| * Fixed a couple data corruption issues with ``QuerySet`` edge cases under | ||||
|   Oracle and MySQL (#21203, #21126). | ||||
| * Fixed crashes when using combinations of ``annotate()``, | ||||
|   ``select_related()``, and ``only()`` (#16436). | ||||
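Review bot: "incompatability" in the ``django.utils.text.unescape_entities()`` bullet is misspelled and should be "incompatibility". In the "Properly rotate CSRF token on login" section, the sentence needs commas around its parenthetical ("This behavior, introduced as a security hardening measure in Django 1.5.2, did not work properly") and should say in what way the rotation failed, because "did not work properly" gives anyone running 1.5.2 through 1.5.4 no way to judge their exposure. The intro's "a couple security-related bugs" and the later "a couple data corruption issues" should both read "a couple of".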
| @@ -29,6 +29,7 @@ Final releases | ||||
| .. toctree:: | ||||
|    :maxdepth: 1 | ||||
|  | ||||
|    1.5.5 | ||||
|    1.5.4 | ||||
|    1.5.3 | ||||
|    1.5.2 | ||||
| @@ -40,6 +41,7 @@ Final releases | ||||
| .. toctree:: | ||||
|    :maxdepth: 1 | ||||
|  | ||||
|    1.4.9 | ||||
|    1.4.8 | ||||
|    1.4.7 | ||||
|    1.4.6 | ||||
|   | ||||