mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-25 08:40:45 +00:00
Code Issues 32 Releases Wiki Activity

[1.5.x] Add release notes and bump version numbers for 1.5.4 security release.

Browse Source
This commit is contained in:
James Bennett 2013-09-15 00:29:31 -06:00
parent 22b74fa09d
commit 4607c7325d
5 changed files with 46 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/__init__.py
View File

@ -1,4 +1,4 @@
VERSION = (1, 5, 4, 'alpha', 0) VERSION = (1, 5, 4, 'final', 0)
def get_version(*args, **kwargs): def get_version(*args, **kwargs):
# Don't litter django/__init__.py with all the get_version stuff. # Don't litter django/__init__.py with all the get_version stuff.

4
docs/conf.py
View File

@ -52,9 +52,9 @@ copyright = 'Django Software Foundation and contributors'
# built documents. # built documents.
# #
# The short X.Y version. # The short X.Y version.
version = '1.5.3' version = '1.5.4'
# The full version, including alpha/beta/rc tags. # The full version, including alpha/beta/rc tags.
release = '1.5.3' release = '1.5.4'
# The next version to be released # The next version to be released
django_next_version = '1.6' django_next_version = '1.6'

21
docs/releases/1.4.8.txt Normal file
View File

@ -0,0 +1,21 @@
==========================
Django 1.4.7 release notes
==========================
*September 14, 2013*
Django 1.4.8 fixes one security issue present in previous Django releases in
the 1.4 series.
Denial-of-service via password hashers
--------------------------------------
In previous versions of Django no limit was imposed on the plaintext
length of a password. This allows a denial-of-service attack through
submission of bogus but extremely large passwords, tying up server
resources performing the (expensive, and increasingly expensive with
the length of the password) calculation of the corresponding hash.
As of 1.4.8, Django's authentication framework imposes a 4096-byte
limit on passwords, and will fail authentication with any submitted
password of greater length.

21
docs/releases/1.5.4.txt Normal file
View File

@ -0,0 +1,21 @@
==========================
Django 1.5.3 release notes
==========================
*September 14, 2013*
This is Django 1.5.4, the fourth release in the Django 1.5 series. It addresses
one security issue.
Denial-of-service via password hashers
--------------------------------------
In previous versions of Django no limit was imposed on the plaintext
length of a password. This allows a denial-of-service attack through
submission of bogus but extremely large passwords, tying up server
resources performing the (expensive, and increasingly expensive with
the length of the password) calculation of the corresponding hash.
As of 1.5.3, Django's authentication framework imposes a 4096-byte
limit on passwords, and will fail authentication with any submitted
password of greater length.

2
setup.py
View File

@ -85,7 +85,7 @@ setup(
author_email='foundation@djangoproject.com', author_email='foundation@djangoproject.com',
description=('A high-level Python Web framework that encourages ' description=('A high-level Python Web framework that encourages '
'rapid development and clean, pragmatic design.'), 'rapid development and clean, pragmatic design.'),
download_url='https://www.djangoproject.com/m/releases/1.5/Django-1.5.3.tar.gz', download_url='https://www.djangoproject.com/m/releases/1.5/Django-1.5.4.tar.gz',
license='BSD', license='BSD',
packages=packages, packages=packages,
package_data=package_data, package_data=package_data,