Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

[1.4.x] Added 1.4.9 release notes

Backport of 2eb8f15 from master
  • Loading branch information...
commit ead7c496a4bdd0eb8e2282ce982e1292846e7c91 1 parent c4f29c9
@timgraham timgraham authored
Showing with 22 additions and 1 deletion.
  1. +21 −0 docs/releases/1.4.9.txt
  2. +1 −1  docs/releases/index.txt
View
21 docs/releases/1.4.9.txt
@@ -0,0 +1,21 @@
+==========================
+Django 1.4.9 release notes
+==========================
+
+*October 22, 2013*
+
+Django 1.4.9 fixes a security-related bug in the 1.4 series and one other
+data corruption bug.
+
+Readdressed denial-of-service via password hashers
+--------------------------------------------------
+
+Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a
+denial-of-service attack through submission of bogus but extremely large
+passwords. In Django 1.5.5, we've reverted this change and instead improved
+the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
+
+Bugfixes
+========
+
+* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).
View
2  docs/releases/index.txt
@@ -14,12 +14,12 @@ up to and including the new version.
Final releases
==============
-
1.4 release
-----------
.. toctree::
:maxdepth: 1
+ 1.4.9
1.4.8
1.4.7
1.4.6
Please sign in to comment.
Something went wrong with that request. Please try again.