Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Refs #17800 - Added release notes and deprecation note about SECRET_K…

…EY requirement.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17617 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 60119d4f49f78a635f801d53c102f1463e28fe8a 1 parent 10e671e
@carljm carljm authored
Showing with 20 additions and 0 deletions.
  1. +4 −0 docs/internals/deprecation.txt
  2. +16 −0 docs/releases/1.4.txt
View
4 docs/internals/deprecation.txt
@@ -124,6 +124,10 @@ these changes.
See the :doc:`Django 1.3 release notes</releases/1.3>` for more details on
these changes.
+* Starting Django without a :setting:`SECRET_KEY` will result in an exception
+ rather than a `DeprecationWarning`. (This is accelerated from the usual
+ deprecation path; see the :doc:`Django 1.4 release notes</releases/1.4>`.)
+
* The ``mod_python`` request handler will be removed. The ``mod_wsgi``
handler should be used instead.
View
16 docs/releases/1.4.txt
@@ -617,6 +617,21 @@ Django 1.4 also includes several smaller improvements worth noting:
Backwards incompatible changes in 1.4
=====================================
+SECRET_KEY setting is required
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Running Django with an empty or known :setting:`SECRET_KEY` disables many of
+Django's security protections, and can lead to remote-code-execution
+vulnerabilities; no Django site should ever be run without a
+:setting:`SECRET_KEY`.
+
+In Django 1.4, starting Django with an empty :setting:`SECRET_KEY` will raise a
+`DeprecationWarning`. In Django 1.5, it will raise an exception and Django will
+refuse to start. This is slightly accelerated from the usual deprecation path
+due to the severity of the consequences of running Django with no
+:setting:`SECRET_KEY`.
+
+
django.contrib.admin
~~~~~~~~~~~~~~~~~~~~
@@ -756,6 +771,7 @@ instance:
* Time period: The amount of time you expect user to take filling out
such forms.
+
django.contrib.flatpages
~~~~~~~~~~~~~~~~~~~~~~~~
Please sign in to comment.
Something went wrong with that request. Please try again.