mirror of https://github.com/django/django.git synced 2025-11-07 07:15:35 +00:00

[1.6.x] Cleaned up 1.5.4/1.4.8 release notes

Backport of 8d29005524 from master
Tim Graham
2013-09-15 14:14:26 -04:00
parent 623c4916df
commit e96bcdd64f
8 changed files with 64 additions and 22 deletions

@@ -783,6 +783,10 @@ using non-string keys in ``request.session``. See the
4096-byte limit on passwords
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. note::
This behavior was also added in the Django 1.5.4 and 1.4.8 security
releases.
Historically, Django has imposed no length limit on plaintext
passwords. This enables a denial-of-service attack through submission
of bogus but extremely large passwords, tying up server resources
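Review bot: The added ``.. note::`` sits directly under the "4096-byte limit on passwords" heading, so "This behavior" is read before the paragraph that describes it ("Historically, Django has imposed no length limit ..."). Consider moving the note below the explanation, or naming the limit in the note itself, and linking the 1.5.4 and 1.4.8 release notes so readers on those branches can find the matching text.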
@@ -792,7 +796,6 @@ of the password) calculation of the corresponding hash.
Django now imposes a 4096-byte limit on password length, and will fail
authentication with any submitted password of greater length.
Miscellaneous
~~~~~~~~~~~~~
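Review bot: The header ``-792,7 +796,6`` shows a net one-line removal around the "Miscellaneous" heading, but the removed line cannot be identified in this view. If it was a blank line, confirm that a blank line still separates the paragraph ending "of greater length." from the heading so the section title parses cleanly.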