Commit 6e413928 authored by Tim Graham's avatar Tim Graham
Browse files

[1.5.x] Added 1.5.5 and 1.4.9 release notes 

Backport of 2eb8f155 from master
parent 26d1496f

docs/releases/1.4.9.txt

0 → 100644
+21 −0
Original line number Diff line number Diff line 
==========================

Django 1.4.9 release notes

==========================



*October 22, 2013*



Django 1.4.9 fixes a security-related bug in the 1.4 series and one other

data corruption bug.



Readdressed denial-of-service via password hashers

--------------------------------------------------



Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a

denial-of-service attack through submission of bogus but extremely large

passwords. In Django 1.5.5, we've reverted this change and instead improved

the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.



Bugfixes

========



* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).

docs/releases/1.5.5.txt

0 → 100644
+33 −0
Original line number Diff line number Diff line 
==========================

Django 1.5.5 release notes

==========================



*October 22, 2013*



Django 1.5.5 fixes a couple security-related bugs and several other bugs in the

1.5 series.



Readdressed denial-of-service via password hashers

--------------------------------------------------



Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a

denial-of-service attack through submission of bogus but extremely large

passwords. In Django 1.5.5, we've reverted this change and instead improved

the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.



Properly rotate CSRF token on login

-----------------------------------



This behavior introduced as a security hardening measure in Django 1.5.2 did

not work properly and is now fixed.



Bugfixes

========



* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).

* Fixed a Python 3 incompatability in ``django.utils.text.unescape_entities()``

  (#21185).

* Fixed a couple data corruption issues with ``QuerySet`` edge cases under

  Oracle and MySQL (#21203, #21126).

* Fixed crashes when using combinations of ``annotate()``,

  ``select_related()``, and ``only()`` (#16436).

docs/releases/index.txt

+2 −0
Original line number Diff line number Diff line
@@ -22,6 +22,7 @@ Final releases 
.. toctree::

   :maxdepth: 1



   1.5.5

   1.5.4

   1.5.3

   1.5.2
@@ -33,6 +34,7 @@ Final releases 
.. toctree::

   :maxdepth: 1



   1.4.9

   1.4.8

   1.4.7

   1.4.6