Skip to content
Projeler
Gruplar
Parçacıklar
Yardım
Yükleniyor...
Oturum aç / Kaydol
Gezinmeyi değiştir
D
django
Proje
Proje
Ayrıntılar
Etkinlik
Cycle Analytics
Depo (repository)
Depo (repository)
Dosyalar
Kayıtlar (commit)
Dallar (branch)
Etiketler
Katkıda bulunanlar
Grafik
Karşılaştır
Grafikler
Konular (issue)
0
Konular (issue)
0
Liste
Pano
Etiketler
Kilometre Taşları
Birleştirme (merge) Talepleri
0
Birleştirme (merge) Talepleri
0
CI / CD
CI / CD
İş akışları (pipeline)
İşler
Zamanlamalar
Grafikler
Paketler
Paketler
Wiki
Wiki
Parçacıklar
Parçacıklar
Üyeler
Üyeler
Collapse sidebar
Close sidebar
Etkinlik
Grafik
Grafikler
Yeni bir konu (issue) oluştur
İşler
Kayıtlar (commit)
Konu (issue) Panoları
Kenar çubuğunu aç
Batuhan Osman TASKAYA
django
Commits
8d290055
Kaydet (Commit)
8d290055
authored
Eyl 15, 2013
tarafından
Tim Graham
Dosyalara gözat
Seçenekler
Dosyalara Gözat
İndir
Eposta Yamaları
Sade Fark
Cleaned up 1.5.4/1.4.8 release notes
üst
aae5a96d
Hide whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
108 additions
and
19 deletions
+108
-19
error-reporting.txt
docs/howto/error-reporting.txt
+5
-1
1.4-alpha-1.txt
docs/releases/1.4-alpha-1.txt
+4
-3
1.4-beta-1.txt
docs/releases/1.4-beta-1.txt
+4
-3
1.4.8.txt
docs/releases/1.4.8.txt
+32
-0
1.4.txt
docs/releases/1.4.txt
+5
-4
1.5.4.txt
docs/releases/1.5.4.txt
+40
-0
1.6.txt
docs/releases/1.6.txt
+16
-0
1.7.txt
docs/releases/1.7.txt
+0
-8
index.txt
docs/releases/index.txt
+2
-0
No files found.
docs/howto/error-reporting.txt
Dosyayı görüntüle @
8d290055
...
...
@@ -117,6 +117,8 @@ Filtering error reports
Filtering sensitive information
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. currentmodule:: django.views.decorators.debug
Error reports are really helpful for debugging errors, so it is generally
useful to record as much relevant information about those errors as possible.
For example, by default Django records the `full traceback`_ for the
...
...
@@ -240,11 +242,13 @@ attribute::
request.exception_reporter_filter = CustomExceptionReporterFilter()
...
.. currentmodule:: django.views.debug
Your custom filter class needs to inherit from
:class:`django.views.debug.SafeExceptionReporterFilter` and may override the
following methods:
.. class::
django.views.debug.
SafeExceptionReporterFilter
.. class:: SafeExceptionReporterFilter
.. method:: SafeExceptionReporterFilter.is_active(self, request)
...
...
docs/releases/1.4-alpha-1.txt
Dosyayı görüntüle @
8d290055
...
...
@@ -337,9 +337,10 @@ docs </ref/contrib/csrf>` for more information.
Error report filtering
~~~~~~~~~~~~~~~~~~~~~~
Two new function decorators, :func:`sensitive_variables` and
:func:`sensitive_post_parameters`, were added to allow designating the
local variables and POST parameters which may contain sensitive
We added two function decorators,
:func:`~django.views.decorators.debug.sensitive_variables` and
:func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
designating the local variables and POST parameters that may contain sensitive
information and should be filtered out of error reports.
All POST parameters are now systematically filtered out of error reports for
...
...
docs/releases/1.4-beta-1.txt
Dosyayı görüntüle @
8d290055
...
...
@@ -375,9 +375,10 @@ docs </ref/contrib/csrf>` for more information.
Error report filtering
~~~~~~~~~~~~~~~~~~~~~~
Two new function decorators, :func:`sensitive_variables` and
:func:`sensitive_post_parameters`, were added to allow designating the
local variables and POST parameters which may contain sensitive
We added two function decorators,
:func:`~django.views.decorators.debug.sensitive_variables` and
:func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
designating the local variables and POST parameters that may contain sensitive
information and should be filtered out of error reports.
All POST parameters are now systematically filtered out of error reports for
...
...
docs/releases/1.4.8.txt
0 → 100644
Dosyayı görüntüle @
8d290055
==========================
Django 1.4.8 release notes
==========================
*September 14, 2013*
Django 1.4.8 fixes two security issues present in previous Django releases in
the 1.4 series.
Denial-of-service via password hashers
--------------------------------------
In previous versions of Django, no limit was imposed on the plaintext
length of a password. This allowed a denial-of-service attack through
submission of bogus but extremely large passwords, tying up server
resources performing the (expensive, and increasingly expensive with
the length of the password) calculation of the corresponding hash.
As of 1.4.8, Django's authentication framework imposes a 4096-byte
limit on passwords and will fail authentication with any submitted
password of greater length.
Corrected usage of :func:`~django.views.decorators.debug.sensitive_post_parameters` in :mod:`django.contrib.auth`’s admin
-------------------------------------------------------------------------------------------------------------------------
The decoration of the ``add_view`` and ``user_change_password`` user admin
views with :func:`~django.views.decorators.debug.sensitive_post_parameters`
did not include :func:`~django.utils.decorators.method_decorator` (required
since the views are methods) resulting in the decorator not being properly
applied. This usage has been fixed and
:func:`~django.views.decorators.debug.sensitive_post_parameters` will now
throw an exception if it's improperly used.
docs/releases/1.4.txt
Dosyayı görüntüle @
8d290055
...
...
@@ -507,10 +507,11 @@ docs </ref/contrib/csrf>` for more information.
Error report filtering
~~~~~~~~~~~~~~~~~~~~~~
We added two function decorators, :func:`sensitive_variables` and
:func:`sensitive_post_parameters`, to allow designating the local variables
and POST parameters that may contain sensitive information and should be
filtered out of error reports.
We added two function decorators,
:func:`~django.views.decorators.debug.sensitive_variables` and
:func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
designating the local variables and POST parameters that may contain sensitive
information and should be filtered out of error reports.
All POST parameters are now systematically filtered out of error reports for
certain views (``login``, ``password_reset_confirm``, ``password_change`` and
...
...
docs/releases/1.5.4.txt
0 → 100644
Dosyayı görüntüle @
8d290055
==========================
Django 1.5.4 release notes
==========================
*September 14, 2013*
This is Django 1.5.4, the fourth release in the Django 1.5 series. It addresses
two security issues and one bug.
Denial-of-service via password hashers
--------------------------------------
In previous versions of Django, no limit was imposed on the plaintext
length of a password. This allowed a denial-of-service attack through
submission of bogus but extremely large passwords, tying up server
resources performing the (expensive, and increasingly expensive with
the length of the password) calculation of the corresponding hash.
As of 1.5.4, Django's authentication framework imposes a 4096-byte
limit on passwords, and will fail authentication with any submitted
password of greater length.
Corrected usage of :func:`~django.views.decorators.debug.sensitive_post_parameters` in :mod:`django.contrib.auth`’s admin
-------------------------------------------------------------------------------------------------------------------------
The decoration of the ``add_view`` and ``user_change_password`` user admin
views with :func:`~django.views.decorators.debug.sensitive_post_parameters`
did not include :func:`~django.utils.decorators.method_decorator` (required
since the views are methods) resulting in the decorator not being properly
applied. This usage has been fixed and
:func:`~django.views.decorators.debug.sensitive_post_parameters` will now
throw an exception if it's improperly used.
Bugfixes
========
* Fixed a bug that prevented a ``QuerySet`` that uses
:meth:`~django.db.models.query.QuerySet.prefetch_related` from being pickled
and unpickled more than once (the second pickling attempt raised an
exception) (#21102).
docs/releases/1.6.txt
Dosyayı görüntüle @
8d290055
...
...
@@ -780,6 +780,22 @@ as JSON requires string keys, you will likely run into problems if you are
using non-string keys in ``request.session``. See the
:ref:`session_serialization` documentation for more details.
4096-byte limit on passwords
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. note::
This behavior was also added in the Django 1.5.4 and 1.4.8 security
releases.
Historically, Django has imposed no length limit on plaintext
passwords. This enables a denial-of-service attack through submission
of bogus but extremely large passwords, tying up server resources
performing the (expensive, and increasingly expensive with the length
of the password) calculation of the corresponding hash.
Django now imposes a 4096-byte limit on password length, and will fail
authentication with any submitted password of greater length.
Miscellaneous
~~~~~~~~~~~~~
...
...
docs/releases/1.7.txt
Dosyayı görüntüle @
8d290055
...
...
@@ -402,14 +402,6 @@ Miscellaneous
Rationale behind this is removal of dependency of non-contrib code on
contrib applications.
* Passwords longer than 4096 bytes in length will no longer work and will
instead raise a ``ValueError`` when using the hasher directory or the
built in forms shipped with ``django.contrib.auth`` will fail validation.
The rationale behind this is a possibility of a Denial of Service attack when
using a slow password hasher, such as the default PBKDF2, and sending very
large passwords.
Features deprecated in 1.7
==========================
...
...
docs/releases/index.txt
Dosyayı görüntüle @
8d290055
...
...
@@ -36,6 +36,7 @@ Final releases
.. toctree::
:maxdepth: 1
1.5.4
1.5.3
1.5.2
1.5.1
...
...
@@ -46,6 +47,7 @@ Final releases
.. toctree::
:maxdepth: 1
1.4.8
1.4.7
1.4.6
1.4.5
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment