Subject: CVS commit: pkgsrc/www/py-django
From: Adam Ciarcinski
Date: 2013-10-28 21:12:40
Message id: 20131028201240.E359C96@cvs.netbsd.org

Log Message:
Changes 1.5.5:
Django 1.5.5 fixes a couple security-related bugs and several other bugs in the
1.5 series.

Readdressed denial-of-service via password hashers
Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a
denial-of-service attack through submission of bogus but extremely large
passwords. In Django 1.5.5, we’ve reverted this change and instead improved
the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.

Properly rotate CSRF token on login
This behaviour introduced as a security hardening measure in Django 1.5.2 did
not work properly and is now fixed.

Bugfixes
Fixed a data corruption bug with datetime_safe.datetime.combine.
Fixed a Python 3 incompatibility in django.utils.text.unescape_entities().
Fixed a couple data corruption issues with QuerySet edge cases under Oracle and
MySQL.
Fixed crashes when using combinations of annotate(), select_related(), and only().

Files:
Revision  Action  file
1.45      modify  pkgsrc/www/py-django/Makefile
1.30      modify  pkgsrc/www/py-django/distinfo
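
The PBKDF2 change described in the log message above, as an added illustration (not Django's or pkgsrc's code): HMAC hashes any key longer than the hash block size, so building a fresh HMAC per iteration re-reads a large password every time, while preparing the keyed inner and outer states once makes the per-iteration cost independent of password length. The function names and sample values are constructed for this example.

```python
import hashlib
import hmac
import struct

def pbkdf2_rehash(password, salt, iterations, digest=hashlib.sha256):
    """Single-block PBKDF2 that builds a new HMAC each iteration, so a password
    longer than the hash block size is hashed again on every iteration."""
    u = hmac.new(password, salt + struct.pack(">I", 1), digest).digest()
    result = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = hmac.new(password, u, digest).digest()
        result ^= int.from_bytes(u, "big")
    return result.to_bytes(len(u), "big")

def pbkdf2_prekeyed(password, salt, iterations, digest=hashlib.sha256):
    """Same output, but the key is processed once: the inner and outer HMAC
    states are prepared up front and copied for each iteration."""
    block_size = digest().block_size
    if len(password) > block_size:
        password = digest(password).digest()  # the only pass over a long password
    key = password.ljust(block_size, b"\x00")
    inner = digest(bytes(b ^ 0x36 for b in key))  # HMAC ipad
    outer = digest(bytes(b ^ 0x5C for b in key))  # HMAC opad

    def prf(msg):
        i, o = inner.copy(), outer.copy()
        i.update(msg)
        o.update(i.digest())
        return o.digest()

    u = prf(salt + struct.pack(">I", 1))
    result = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = prf(u)
        result ^= int.from_bytes(u, "big")
    return result.to_bytes(len(u), "big")

def password_bytes_hashed(password_len, iterations, block_size=64):
    """Password bytes fed to the hash as (rehash variant, prekeyed variant)."""
    per_pass = password_len if password_len > block_size else 0
    return per_pass * iterations, per_pass

if __name__ == "__main__":
    long_pw = b"A" * 1_000_000  # constructed oversized password
    assert pbkdf2_rehash(long_pw, b"salt", 20) == pbkdf2_prekeyed(long_pw, b"salt", 20)
    print(password_bytes_hashed(len(long_pw), 10_000))
```
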