Re: [django-announce] [ANNOUNCE] Security releases issued -- vulnerability in the wild

2013-09-15 Thread Nick Apostolakis
On 16/09/2013 02:45 AM, Russell Keith-Magee wrote: Django 1.3 and earlier are also affected, but the exposure is smaller. It was the speed of the PBKDF2 hashing function that revealed this problem, and that hasher was introduced in Django 1.4. In Django 1.3 or earlier, SHA1 was the default

Re: [django-announce] [ANNOUNCE] Security releases issued -- vulnerability in the wild

2013-09-15 Thread Russell Keith-Magee
Django 1.3 and earlier are also affected, but the exposure is smaller. It was the speed of the PBKDF2 hashing function that revealed this problem, and that hasher was introduced in Django 1.4. In Django 1.3 or earlier, SHA1 was the default hashing function. As described in the release notes, SHA1

Re: [django-announce] [ANNOUNCE] Security releases issued -- vulnerability in the wild

2013-09-15 Thread Nick Apostolakis
On 15/09/2013 03:50 PM, Russell Keith-Magee wrote: Hi Dig I'm not sure I understand your question. Both releases are security releases; both are available on pip. If your code is based on the 1.5 release of Django, you should now be running 1.5.4. Yours, Russ Magee %-) Hello, is 1.3.x

Re: [django-announce] [ANNOUNCE] Security releases issued -- vulnerability in the wild

2013-09-15 Thread Dig
Hi Russell, Got it, and thanks. We will update to 1.5.4 this week. Regards, Dig On Sep 15, 2013 8:51 PM, "Russell Keith-Magee" wrote: > Hi Dig > > I'm not sure I understand your question. Both releases are security > releases; both are available on pip. If you

Re: [django-announce] [ANNOUNCE] Security releases issued -- vulnerability in the wild

2013-09-15 Thread Russell Keith-Magee
Hi Dig I'm not sure I understand your question. Both releases are security releases; both are available on pip. If your code is based on the 1.5 release of Django, you should now be running 1.5.4. Yours, Russ Magee %-) On Sunday, September 15, 2013, Dig wrote: > And how about 1.5.3 which was

Re: [ANNOUNCE] Security releases issued -- vulnerability in the wild

2013-09-15 Thread Dig
And how about 1.5.3 which was announced a few days ago? On Sep 15, 2013 5:14 PM, "Rahul Gaur" wrote: > Hi, > I am using django==1.4.8 for my project, these new fixes are available > with pip yet or we need to install the latest build manually? > > Regards, > Rahul > > >

Re: [ANNOUNCE] Security releases issued -- vulnerability in the wild

2013-09-15 Thread Gladson Simplício Brito
https://pypi.python.org/pypi/Django 2013/9/15 Rahul Gaur > Hi, > I am using django==1.4.8 for my project, these new fixes are available > with pip yet or we need to install the latest build manually? > > Regards, > Rahul > > > On Sun, Sep 15, 2013 at 12:18 PM, James

Re: [ANNOUNCE] Security releases issued -- vulnerability in the wild

2013-09-15 Thread Rahul Gaur
Hi, I am using django==1.4.8 for my project, these new fixes are available with pip yet or we need to install the latest build manually? Regards, Rahul On Sun, Sep 15, 2013 at 12:18 PM, James Bennett wrote: > Earlier today a message posted to the django-developers

[ANNOUNCE] Security releases issued -- vulnerability in the wild

2013-09-15 Thread James Bennett
Earlier today a message posted to the django-developers mailing list publicly disclosed what was later determined to be an exploitable security issue in Django. As such, we have short-circuited our normal one-week process and moved to immediately issuing new releases to remedy the problem. Full