HTTPS clone URL
Subversion checkout URL
Please sign in to comment.
[1.4.x] Ensure that passwords are never long enough for a DoS.
* Limit the password length to 4096 bytes * Password hashers will raise a ValueError * django.contrib.auth forms will fail validation * Document in release notes that this is a backwards incompatible change Thanks to Josh Wright for the report, and Donald Stufft for the patch. This is a security fix; disclosure to follow shortly. Backport of aae5a96 from master.
- Loading branch information...
Showing with 136 additions and 16 deletions.