On 16/09/2013 02:45 πμ, Russell Keith-Magee wrote:
Django 1.3 and earlier are also affected, but the exposure is smaller. It
was the speed of the PBKDF2 hashing function that revealed this problem,
and that hasher was introduced in Django 1.4. In Django 1.3 or earlier,
SHA1 was the default
Django 1.3 and earlier are also affected, but the exposure is smaller. It
was the speed of the PBKDF2 hashing function that revealed this problem,
and that hasher was introduced in Django 1.4. In Django 1.3 or earlier,
SHA1 was the default hashing function. As described in the release notes,
SHA1
On 15/09/2013 03:50 μμ, Russell Keith-Magee wrote:
Hi Dig
I'm not sure I understand your question. Both releases are security
releases; both are available on pip. If you code is based on the 1.5
release of Django, you should now be running 1.5.4.
Yours,
Russ Magee %-)
Hello, is 1.3.x
Hi Russell,
Got it, and thanks. We will update to 1.5.4 in this week.
Regards,
Dig
On Sep 15, 2013 8:51 PM, "Russell Keith-Magee"
wrote:
> Hi Dig
>
> I'm not sure I understand your question. Both releases are security
> releases; both are available on pip. If you
Hi Dig
I'm not sure I understand your question. Both releases are security
releases; both are available on pip. If you code is based on the 1.5
release of Django, you should now be running 1.5.4.
Yours,
Russ Magee %-)
On Sunday, September 15, 2013, Dig wrote:
> And how about 1.5.3 which is
And how about 1.5.3 which is announced a few days ago?
On Sep 15, 2013 5:14 PM, "Rahul Gaur" wrote:
> Hi ,
> I am using django==1.4.8 for my project , these new fixes are available
> with pip yet or we need to install the latest build manually ?
>
> Regards,
> Rahul
>
>
>
https://pypi.python.org/pypi/Django
2013/9/15 Rahul Gaur
> Hi ,
> I am using django==1.4.8 for my project , these new fixes are available
> with pip yet or we need to install the latest build manually ?
>
> Regards,
> Rahul
>
>
> On Sun, Sep 15, 2013 at 12:18 PM, James
Hi ,
I am using django==1.4.8 for my project , these new fixes are available
with pip yet or we need to install the latest build manually ?
Regards,
Rahul
On Sun, Sep 15, 2013 at 12:18 PM, James Bennett wrote:
> Earlier today a message posted to the django-developers
Earlier today a message posted to the django-developers mailing list
publicly disclosed what was later determined to be an exploitable security
issue in Django.
As such, we have short-circuited our normal one-week process and moved to
immediately issuing new releases to remedy the problem.
Full
9 matches
Mail list logo