author: Michael Merickel <github@m.merickel.org> 2018-11-03 14:17:11 -0500
committer: GitHub <noreply@github.com> 2018-11-03 14:17:11 -0500
commit: 133db09d179c3f5afe7e02dc13ab6687517db5a1
tree: 4f433ad0811495ced4900055426f5d9ac3c658f5 /CHANGES.rst
parent: fc67869fb2732e715905614af3f9a69d48aed644
parent: 02caee917f1b629467942ae3112d10e13d03202a
Merge pull request #3412 from mmerickel/remove-unencrypted-session-config
remove UnencryptedCookieSessionFactoryConfig and signed_(de)serialize
Diffstat (limited to 'CHANGES.rst')
-rw-r--r-- CHANGES.rst 13
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGES.rst b/CHANGES.rst
index f847cec7a..dfea7afa9 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -39,6 +39,19 @@ Backward Incompatibilities
matching that was not compliant with the RFC.
See https://github.com/Pylons/pyramid/pull/3411
+- Removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``. This
+ session factory was replaced with
+ ``pyramid.session.SignedCookieSessionFactory`` in Pyramid 1.5 and has been
+ deprecated since then.
+ See https://github.com/Pylons/pyramid/pull/3412
+
+- Removed ``pyramid.session.signed_serialize``, and
+ ``pyramid.session.signed_deserialize``. These methods were only used by
+ the now-removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``
+ and were coupled to the vulnerable pickle serialization format which could
+ lead to remove code execution if the secret key is compromised.
+ See https://github.com/Pylons/pyramid/pull/3412
+
Documentation Changes
---------------------
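
Review bot: The second added entry reads "could lead to remove code execution if the secret key is compromised"; this should be "remote code execution", and it matters because this sentence is the only place the changelog states the security reason for the removal. In the same entry, the comma in "``pyramid.session.signed_serialize``, and" is unnecessary, and "functions" fits better than "methods" for names referenced directly under ``pyramid.session``. Consider also saying what code that called these two helpers directly should move to, the way the first entry names ``pyramid.session.SignedCookieSessionFactory`` as the replacement for the removed factory.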