Author: aaugustin Date: 2012-02-12 06:29:30 -0800 (Sun, 12 Feb 2012) New Revision: 17513
Modified: django/trunk/docs/releases/1.4-beta-1.txt Log: Added documentation for r17418. Refs #17481. Modified: django/trunk/docs/releases/1.4-beta-1.txt =================================================================== --- django/trunk/docs/releases/1.4-beta-1.txt 2012-02-12 12:19:02 UTC (rev 17512) +++ django/trunk/docs/releases/1.4-beta-1.txt 2012-02-12 14:29:30 UTC (rev 17513) @@ -115,7 +115,22 @@ .. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf .. _bcrypt: http://en.wikipedia.org/wiki/Bcrypt +.. warning:: + Django 1.4 alpha contained a bug that corrupted PBKDF2 hashes. To + determine which accounts are affected, run :djadmin:`manage.py shell + <shell>` and paste this snippet:: + + from base64 import b64decode + from django.contrib.auth.models import User + hash_len = {'pbkdf2_sha1': 20, 'pbkdf2_sha256': 32} + for user in User.objects.filter(password__startswith='pbkdf2_'): + algo, _, _, hash = user.password.split('$') + if len(b64decode(hash)) != hash_len[algo]: + print user + + These users should reset their passwords. + HTML5 Doctype ~~~~~~~~~~~~~ @@ -557,7 +572,7 @@ * New phrases added to ``HIDDEN_SETTINGS`` regex in `django/views/debug.py`_. - ``'API'``, ``'TOKEN'``, ``'KEY'`` were added, ``'PASSWORD'`` was changed to + ``'API'``, ``'TOKEN'``, ``'KEY'`` were added, ``'PASSWORD'`` was changed to ``'PASS'``. .. _django/views/debug.py: http://code.djangoproject.com/browser/django/trunk/django/views/debug.py -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.
