OS Dates before 01/01/2011 are broken #46
Milestone
Comments
|
Hi! |
stereosteve
pushed a commit
to stereosteve/itsdangerous
that referenced
this issue
Jul 7, 2016
pallets#46 1/1/2011 cutoff was removed, but comment was not updated.
davidism
pushed a commit
that referenced
this issue
Jul 7, 2016
#46 1/1/2011 cutoff was removed, but comment was not updated.
Closed
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Nov 10, 2018
Version 1.1.0 ------------- Released 2018-10-26 - Change default signing algorithm back to SHA-1. (`#113`_) - Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. (`#114`_) - Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. (`#113`_) - Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. (`#113`_) .. _#113: pallets/itsdangerous#113 .. _#114: pallets/itsdangerous#114 Version 1.0.0 ------------- Released 2018-10-18 YANKED *Note*: This release was yanked from PyPI because it changed the default algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1. - Drop support for Python 2.6 and 3.3. - Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level ``itsdangerous`` name, but other imports will need to be changed. A future release will remove many of these compatibility imports. (`#107`_) - Optimize how timestamps are serialized and deserialized. (`#13`_) - ``base64_decode`` raises ``BadData`` when it is passed invalid data. (`#27`_) - Ensure value is bytes when signing to avoid a ``TypeError`` on Python 3. (`#29`_) - Add a ``serializer_kwargs`` argument to ``Serializer``, which is passed to ``dumps`` during ``dump_payload``. (`#36`_) - More compact JSON dumps for unicode strings. (`#38`_) - Use the full timestamp rather than an offset, allowing dates before 2011. (`#46`_) - Detect a ``sep`` character that may show up in the signature itself and raise a ``ValueError``. (`#62`_) - Use a consistent signature for keyword arguments for ``Serializer.load_payload`` in subclasses. (`#74`_, `#75`_) - Change default intermediate hash from SHA-1 to SHA-512. (`#80`_) - Convert JWS exp header to an int when loading. (`#99`_) .. _#13: pallets/itsdangerous#13 .. _#27: pallets/itsdangerous#27 .. _#29: pallets/itsdangerous#29 .. _#36: pallets/itsdangerous#36 .. _#38: pallets/itsdangerous#38 .. _#46: pallets/itsdangerous#46 .. _#62: pallets/itsdangerous#62 .. _#74: pallets/itsdangerous#74 .. _#75: pallets/itsdangerous#75 .. _#80: pallets/itsdangerous#80 .. _#99: pallets/itsdangerous#99 .. _#107: pallets/itsdangerous#107
quis
added a commit
to alphagov/notifications-admin
that referenced
this issue
Feb 19, 2020
Version 1.1.0 has reverted the breaking change (moving from sha1 to sha256) that was introduced in version 1.0.0. Upgrading now so that we can take advantage of this bug fix: pallets/itsdangerous#46
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I'm using an embedded linux with a startup kernal time of 01/01/2010, with flask hosted site as a config tool. If the device doesn't have an internet connection (to update time from NTP), and they trigger TimeStampSigner.sign() function in itsdangerous.py, the int_to_byte assert fails as num is < 0.
I've not delved into why the logic expects the date to be greater then 2011, but it breaks it for me.
The text was updated successfully, but these errors were encountered: