Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

[1.4.x] Cleaned up 1.4.8 release notes

Backport of 8d29005 from master
  • Loading branch information...
commit ca77e38d243c5f1f1a5070cba0988d230d0bb050 1 parent efee30e
Tim Graham authored September 15, 2013
6  docs/howto/error-reporting.txt
@@ -123,6 +123,8 @@ Filtering error reports
123 123
 Filtering sensitive information
124 124
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
125 125
 
  126
+.. currentmodule:: django.views.decorators.debug
  127
+
126 128
 Error reports are really helpful for debugging errors, so it is generally
127 129
 useful to record as much relevant information about those errors as possible.
128 130
 For example, by default Django records the `full traceback`_ for the
@@ -236,11 +238,13 @@ attribute::
236 238
             request.exception_reporter_filter = CustomExceptionReporterFilter()
237 239
         ...
238 240
 
  241
+.. currentmodule:: django.views.debug
  242
+
239 243
 Your custom filter class needs to inherit from
240 244
 :class:`django.views.debug.SafeExceptionReporterFilter` and may override the
241 245
 following methods:
242 246
 
243  
-.. class:: django.views.debug.SafeExceptionReporterFilter
  247
+.. class:: SafeExceptionReporterFilter
244 248
 
245 249
 .. method:: SafeExceptionReporterFilter.is_active(self, request)
246 250
 
7  docs/releases/1.4-alpha-1.txt
@@ -337,9 +337,10 @@ docs </ref/contrib/csrf>` for more information.
337 337
 Error report filtering
338 338
 ~~~~~~~~~~~~~~~~~~~~~~
339 339
 
340  
-Two new function decorators, :func:`sensitive_variables` and
341  
-:func:`sensitive_post_parameters`, were added to allow designating the
342  
-local variables and POST parameters which may contain sensitive
  340
+We added two function decorators,
  341
+:func:`~django.views.decorators.debug.sensitive_variables` and
  342
+:func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
  343
+designating the local variables and POST parameters that may contain sensitive
343 344
 information and should be filtered out of error reports.
344 345
 
345 346
 All POST parameters are now systematically filtered out of error reports for
7  docs/releases/1.4-beta-1.txt
@@ -375,9 +375,10 @@ docs </ref/contrib/csrf>` for more information.
375 375
 Error report filtering
376 376
 ~~~~~~~~~~~~~~~~~~~~~~
377 377
 
378  
-Two new function decorators, :func:`sensitive_variables` and
379  
-:func:`sensitive_post_parameters`, were added to allow designating the
380  
-local variables and POST parameters which may contain sensitive
  378
+We added two function decorators,
  379
+:func:`~django.views.decorators.debug.sensitive_variables` and
  380
+:func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
  381
+designating the local variables and POST parameters that may contain sensitive
381 382
 information and should be filtered out of error reports.
382 383
 
383 384
 All POST parameters are now systematically filtered out of error reports for
21  docs/releases/1.4.8.txt
... ...
@@ -1,21 +1,32 @@
1 1
 ==========================
2  
-Django 1.4.7 release notes
  2
+Django 1.4.8 release notes
3 3
 ==========================
4 4
 
5 5
 *September 14, 2013*
6 6
 
7  
-Django 1.4.8 fixes one security issue present in previous Django releases in
  7
+Django 1.4.8 fixes two security issues present in previous Django releases in
8 8
 the 1.4 series.
9 9
 
10 10
 Denial-of-service via password hashers
11 11
 --------------------------------------
12 12
 
13  
-In previous versions of Django no limit was imposed on the plaintext
14  
-length of a password. This allows a denial-of-service attack through
  13
+In previous versions of Django, no limit was imposed on the plaintext
  14
+length of a password. This allowed a denial-of-service attack through
15 15
 submission of bogus but extremely large passwords, tying up server
16 16
 resources performing the (expensive, and increasingly expensive with
17 17
 the length of the password) calculation of the corresponding hash.
18 18
 
19 19
 As of 1.4.8, Django's authentication framework imposes a 4096-byte
20  
-limit on passwords, and will fail authentication with any submitted
  20
+limit on passwords and will fail authentication with any submitted
21 21
 password of greater length.
  22
+
  23
+Corrected usage of :func:`~django.views.decorators.debug.sensitive_post_parameters` in :mod:`django.contrib.auth`’s admin
  24
+-------------------------------------------------------------------------------------------------------------------------
  25
+
  26
+The decoration of the ``add_view`` and ``user_change_password`` user admin
  27
+views with :func:`~django.views.decorators.debug.sensitive_post_parameters`
  28
+did not include :func:`~django.utils.decorators.method_decorator` (required
  29
+since the views are methods) resulting in the decorator not being properly
  30
+applied. This usage has been fixed and
  31
+:func:`~django.views.decorators.debug.sensitive_post_parameters` will now
  32
+throw an exception if it's improperly used.
9  docs/releases/1.4.txt
@@ -507,10 +507,11 @@ docs </ref/contrib/csrf>` for more information.
507 507
 Error report filtering
508 508
 ~~~~~~~~~~~~~~~~~~~~~~
509 509
 
510  
-We added two function decorators, :func:`sensitive_variables` and
511  
-:func:`sensitive_post_parameters`, to allow designating the local variables
512  
-and POST parameters that may contain sensitive information and should be
513  
-filtered out of error reports.
  510
+We added two function decorators,
  511
+:func:`~django.views.decorators.debug.sensitive_variables` and
  512
+:func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
  513
+designating the local variables and POST parameters that may contain sensitive
  514
+information and should be filtered out of error reports.
514 515
 
515 516
 All POST parameters are now systematically filtered out of error reports for
516 517
 certain views (``login``, ``password_reset_confirm``, ``password_change`` and
1  docs/releases/index.txt
@@ -20,6 +20,7 @@ Final releases
20 20
 .. toctree::
21 21
    :maxdepth: 1
22 22
 
  23
+   1.4.8
23 24
    1.4.7
24 25
    1.4.6
25 26
    1.4.5

0 notes on commit ca77e38

Please sign in to comment.
Something went wrong with that request. Please try again.