Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Removed 1.6 release note text regarding password limit length.

This changed was reverted in 5d74853.
  • Loading branch information...
commit d97bec5ee3a6284d30b613c9070588a60358e7ec 1 parent 7e5d7a7
@timgraham timgraham authored
Showing with 0 additions and 16 deletions.
  1. +0 −16 docs/releases/1.6.txt
16 docs/releases/1.6.txt
@@ -810,22 +810,6 @@ as JSON requires string keys, you will likely run into problems if you are
using non-string keys in ``request.session``. See the
:ref:`session_serialization` documentation for more details.
-4096-byte limit on passwords
-.. note::
- This behavior was also added in the Django 1.5.4 and 1.4.8 security
- releases.
-Historically, Django has imposed no length limit on plaintext
-passwords. This enables a denial-of-service attack through submission
-of bogus but extremely large passwords, tying up server resources
-performing the (expensive, and increasingly expensive with the length
-of the password) calculation of the corresponding hash.
-Django now imposes a 4096-byte limit on password length, and will fail
-authentication with any submitted password of greater length.
Please sign in to comment.
Something went wrong with that request. Please try again.