mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 19:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Refs #27468 -- Changed default Signer algorithm to SHA-256.

Browse source
This commit is contained in:
Claude Paroz 2020-02-13 20:55:48 +01:00 committed by Mariusz Felisiak
parent 4bb33bb074
commit 71c4fb7beb
5 changed files with 86 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docs/releases/3.1.txt
View file

@ -404,6 +404,14 @@ Security
origins. If you need the previous behavior, explicitly set
:setting:`SECURE_REFERRER_POLICY` to ``None``.
* The default :class:`django.core.signing.Signer` algorithm is changed to the
SHA-256. Support for signatures made with the old SHA-1 algorithm remains
until Django 4.0.
Also, the new ``algorithm`` parameter of the
:class:`~django.core.signing.Signer` allows customizing the hashing
algorithm.
Serialization
~~~~~~~~~~~~~