- The AuthTktAuthenticationPolicy did not use a timing-attack-aware string comparator.  See #320 for more info.

References issue#320.
commit e61ab86f91f5085fb601699ec1a25eac7b0cfca9 1 parent c8c9bc8
@mcdonc mcdonc authored
Showing with 8 additions and 3 deletions.
  1. +8 −3 CHANGES.txt
11 CHANGES.txt
@@ -4,8 +4,9 @@ Next release
Bug Fixes
---------
-- The ``pryamid.view.view_config`` decorator did not accept a ``match_params``
- predicate argument. See https://github.com/Pylons/pyramid/pull/308
+- Backport from master: The ``pryamid.view.view_config`` decorator did not
+ accept a ``match_params`` predicate argument. See
+ https://github.com/Pylons/pyramid/pull/308
- Backport fixes from master regarding URL decoding. URL segments are
no-longer "double-decoded" during traversal and when encountered in a route
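Review bot: the rewrapped first entry of this hunk still spells the module as ``pryamid.view.view_config``. Since these lines are being rewritten anyway, correct it to ``pyramid.view.view_config`` so the changelog names the decorator by its real import path. The added "Backport from master:" prefix is consistent with the neighbouring entries.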
@@ -26,10 +27,14 @@ Bug Fixes
- Backport from master: fix ``request.json_body`` to deal with alternate
request charsets.
-- Backport from master: The AuthTktCookieHelper could potentially generate
+- Backport from master: the AuthTktCookieHelper could potentially generate
Unicode headers inappropriately when the ``tokens`` argument to remember
was used. See https://github.com/Pylons/pyramid/pull/314.
+- Backport from master: the AuthTktAuthenticationPolicy did not use a
+ timing-attack-aware string comparator. See
+ https://github.com/Pylons/pyramid/pull/320 for more info.
+
Testing
-------
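Review bot: the new AuthTktAuthenticationPolicy entry links https://github.com/Pylons/pyramid/pull/320, while the commit message refers to #320 as an issue. Confirm the URL path matches what #320 actually is. The entry also does not say which value was being compared, and it is filed as an ordinary bug fix. As the only security-relevant line in this hunk, it would serve readers better with one clause naming the comparison that is now timing-safe, so someone deciding whether to upgrade does not have to follow the link. This commit touches only CHANGES.txt (8 additions, 3 deletions), so the entry should be checked against the commit that carries the backported code change.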