Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity

[1.4.x] Cleaned up 1.4.8 release notes

Browse Source 
Backport of 8d29005524 from master
This commit is contained in:
Tim Graham 2013-09-15 14:14:26 -04:00
parent efee30e6b0
commit ca77e38d24
6 changed files with 35 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/howto/error-reporting.txt
View File

@ -123,6 +123,8 @@ Filtering error reports
Filtering sensitive information Filtering sensitive information
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. currentmodule:: django.views.decorators.debug
Error reports are really helpful for debugging errors, so it is generally Error reports are really helpful for debugging errors, so it is generally
useful to record as much relevant information about those errors as possible. useful to record as much relevant information about those errors as possible.
For example, by default Django records the `full traceback`_ for the For example, by default Django records the `full traceback`_ for the
@ -236,11 +238,13 @@ attribute::
request.exception_reporter_filter = CustomExceptionReporterFilter() request.exception_reporter_filter = CustomExceptionReporterFilter()
... ...
.. currentmodule:: django.views.debug
Your custom filter class needs to inherit from Your custom filter class needs to inherit from
:class:`django.views.debug.SafeExceptionReporterFilter` and may override the :class:`django.views.debug.SafeExceptionReporterFilter` and may override the
following methods: following methods:
.. class:: django.views.debug.SafeExceptionReporterFilter .. class:: SafeExceptionReporterFilter
.. method:: SafeExceptionReporterFilter.is_active(self, request) .. method:: SafeExceptionReporterFilter.is_active(self, request)

7
docs/releases/1.4-alpha-1.txt
View File

@ -337,9 +337,10 @@ docs </ref/contrib/csrf>` for more information.
Error report filtering Error report filtering
~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
Two new function decorators, :func:`sensitive_variables` and We added two function decorators,
:func:`sensitive_post_parameters`, were added to allow designating the :func:`~django.views.decorators.debug.sensitive_variables` and
local variables and POST parameters which may contain sensitive :func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
designating the local variables and POST parameters that may contain sensitive
information and should be filtered out of error reports. information and should be filtered out of error reports.
All POST parameters are now systematically filtered out of error reports for All POST parameters are now systematically filtered out of error reports for

7
docs/releases/1.4-beta-1.txt
View File

@ -375,9 +375,10 @@ docs </ref/contrib/csrf>` for more information.
Error report filtering Error report filtering
~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
Two new function decorators, :func:`sensitive_variables` and We added two function decorators,
:func:`sensitive_post_parameters`, were added to allow designating the :func:`~django.views.decorators.debug.sensitive_variables` and
local variables and POST parameters which may contain sensitive :func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
designating the local variables and POST parameters that may contain sensitive
information and should be filtered out of error reports. information and should be filtered out of error reports.
All POST parameters are now systematically filtered out of error reports for All POST parameters are now systematically filtered out of error reports for

21
docs/releases/1.4.8.txt
View File

@ -1,21 +1,32 @@
========================== ==========================
Django 1.4.7 release notes Django 1.4.8 release notes
========================== ==========================
*September 14, 2013* *September 14, 2013*
Django 1.4.8 fixes one security issue present in previous Django releases in Django 1.4.8 fixes two security issues present in previous Django releases in
the 1.4 series. the 1.4 series.
Denial-of-service via password hashers Denial-of-service via password hashers
-------------------------------------- --------------------------------------
In previous versions of Django no limit was imposed on the plaintext In previous versions of Django, no limit was imposed on the plaintext
length of a password. This allows a denial-of-service attack through length of a password. This allowed a denial-of-service attack through
submission of bogus but extremely large passwords, tying up server submission of bogus but extremely large passwords, tying up server
resources performing the (expensive, and increasingly expensive with resources performing the (expensive, and increasingly expensive with
the length of the password) calculation of the corresponding hash. the length of the password) calculation of the corresponding hash.
As of 1.4.8, Django's authentication framework imposes a 4096-byte As of 1.4.8, Django's authentication framework imposes a 4096-byte
limit on passwords, and will fail authentication with any submitted limit on passwords and will fail authentication with any submitted
password of greater length. password of greater length.
Corrected usage of :func:`~django.views.decorators.debug.sensitive_post_parameters` in :mod:`django.contrib.auth`s admin
-------------------------------------------------------------------------------------------------------------------------
The decoration of the ``add_view`` and ``user_change_password`` user admin
views with :func:`~django.views.decorators.debug.sensitive_post_parameters`
did not include :func:`~django.utils.decorators.method_decorator` (required
since the views are methods) resulting in the decorator not being properly
applied. This usage has been fixed and
:func:`~django.views.decorators.debug.sensitive_post_parameters` will now
throw an exception if it's improperly used.

9
docs/releases/1.4.txt
View File

@ -507,10 +507,11 @@ docs </ref/contrib/csrf>` for more information.
Error report filtering Error report filtering
~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
We added two function decorators, :func:`sensitive_variables` and We added two function decorators,
:func:`sensitive_post_parameters`, to allow designating the local variables :func:`~django.views.decorators.debug.sensitive_variables` and
and POST parameters that may contain sensitive information and should be :func:`~django.views.decorators.debug.sensitive_post_parameters`, to allow
filtered out of error reports. designating the local variables and POST parameters that may contain sensitive
information and should be filtered out of error reports.
All POST parameters are now systematically filtered out of error reports for All POST parameters are now systematically filtered out of error reports for
certain views (``login``, ``password_reset_confirm``, ``password_change`` and certain views (``login``, ``password_reset_confirm``, ``password_change`` and

1
docs/releases/index.txt
View File

@ -20,6 +20,7 @@ Final releases
.. toctree:: .. toctree::
:maxdepth: 1 :maxdepth: 1
1.4.8
1.4.7 1.4.7
1.4.6 1.4.6
1.4.5 1.4.5