Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Refs #17800 - Added release notes and deprecation note about SECRET_K…

…EY requirement.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17617 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 60119d4f49f78a635f801d53c102f1463e28fe8a 1 parent 10e671e
Carl Meyer authored March 02, 2012
4  docs/internals/deprecation.txt
@@ -124,6 +124,10 @@ these changes.
124 124
 See the :doc:`Django 1.3 release notes</releases/1.3>` for more details on
125 125
 these changes.
126 126
 
  127
+* Starting Django without a :setting:`SECRET_KEY` will result in an exception
  128
+  rather than a `DeprecationWarning`. (This is accelerated from the usual
  129
+  deprecation path; see the :doc:`Django 1.4 release notes</releases/1.4>`.)
  130
+
127 131
 * The ``mod_python`` request handler will be removed. The ``mod_wsgi``
128 132
   handler should be used instead.
129 133
 
16  docs/releases/1.4.txt
@@ -617,6 +617,21 @@ Django 1.4 also includes several smaller improvements worth noting:
617 617
 Backwards incompatible changes in 1.4
618 618
 =====================================
619 619
 
  620
+SECRET_KEY setting is required
  621
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  622
+
  623
+Running Django with an empty or known :setting:`SECRET_KEY` disables many of
  624
+Django's security protections, and can lead to remote-code-execution
  625
+vulnerabilities; no Django site should ever be run without a
  626
+:setting:`SECRET_KEY`.
  627
+
  628
+In Django 1.4, starting Django with an empty :setting:`SECRET_KEY` will raise a
  629
+`DeprecationWarning`. In Django 1.5, it will raise an exception and Django will
  630
+refuse to start. This is slightly accelerated from the usual deprecation path
  631
+due to the severity of the consequences of running Django with no
  632
+:setting:`SECRET_KEY`.
  633
+
  634
+
620 635
 django.contrib.admin
621 636
 ~~~~~~~~~~~~~~~~~~~~
622 637
 
@@ -756,6 +771,7 @@ instance:
756 771
   * Time period: The amount of time you expect user to take filling out
757 772
     such forms.
758 773
 
  774
+
759 775
 django.contrib.flatpages
760 776
 ~~~~~~~~~~~~~~~~~~~~~~~~
761 777
 

0 notes on commit 60119d4

Please sign in to comment.
Something went wrong with that request. Please try again.