Removed 1.6 release note text regarding password limit length.
This changed was reverted in 5d74853.
|@@ -810,22 +810,6 @@ as JSON requires string keys, you will likely run into problems if you are|
|using non-string keys in ``request.session``. See the|
|:ref:`session_serialization` documentation for more details.|
|-4096-byte limit on passwords|
|- This behavior was also added in the Django 1.5.4 and 1.4.8 security|
|-Historically, Django has imposed no length limit on plaintext|
|-passwords. This enables a denial-of-service attack through submission|
|-of bogus but extremely large passwords, tying up server resources|
|-performing the (expensive, and increasingly expensive with the length|
|-of the password) calculation of the corresponding hash.|
|-Django now imposes a 4096-byte limit on password length, and will fail|
|-authentication with any submitted password of greater length.|