Russell Keith-Magee aae5a96d57 Ensure that passwords are never long enough for a DoS. ...

* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.

2013-09-15 13:42:23 +08:00

..

bin

Removed daily_cleanup.py script as per deprecation TL.

2013-06-28 21:48:16 -03:00

conf

Revert "Fixed #12288 -- Validated that app names in INSTALLED_APPS are unique"

2013-09-14 07:19:32 -04:00

contrib

Ensure that passwords are never long enough for a DoS.

2013-09-15 13:42:23 +08:00

core

Fixed #21097 - Added DatabaseFeature.can_introspect_autofield

2013-09-14 09:48:59 +03:00

db

REmoved some unused imports

2013-09-14 12:34:57 -07:00

dispatch

Fixed #20943 -- Weakly reference senders when caching their associated receivers

2013-08-21 22:30:45 +01:00

forms

Improved deprecation warning for change in form boolean values.

2013-09-10 14:24:34 -04:00

http

Fixed #18403 -- Initialized bad_cookies in SimpleCookie

2013-09-10 08:26:54 -04:00

middleware

Deprecated SortedDict (replaced with collections.OrderedDict)

2013-08-04 07:09:39 -04:00

shortcuts

More import removals

2013-06-29 11:58:36 +02:00

template

Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.

2013-09-10 21:02:48 -04:00

templatetags

Took advantage of django.utils.six.moves.urllib.*.

2013-09-05 14:39:23 -05:00

test

REmoved some unused imports

2013-09-14 12:34:57 -07:00

utils

Fixed #21060 -- Refactored admin's autodiscover method to make it reusable.

2013-09-13 20:09:41 -04:00

views

Merge pull request #1580 from ianawilson/ticket_16502

2013-09-06 15:31:25 -07:00

__init__.py

Master is now pre-1.7.

2013-06-28 08:56:45 -05:00