diff options
| author | John Anderson <sontek@gmail.com> | 2014-11-16 23:27:08 -0800 |
|---|---|---|
| committer | John Anderson <sontek@gmail.com> | 2014-11-16 23:27:08 -0800 |
| commit | 749575a93961e76bcd623a1284a16e49304a4a56 (patch) | |
| tree | 0747c69d495d87cd5ab3579636c73905905a2270 /CHANGES.txt | |
| parent | 36046388d5cbe99b8d972853efba03b2fb5aa203 (diff) | |
| parent | 34a35e4f35d9930e0941009a7f31c5b0df14f9c7 (diff) | |
| download | pyramid-749575a93961e76bcd623a1284a16e49304a4a56.tar.gz pyramid-749575a93961e76bcd623a1284a16e49304a4a56.tar.bz2 pyramid-749575a93961e76bcd623a1284a16e49304a4a56.zip | |
Merge branch 'master' of https://github.com/Pylons/pyramid into fix_proutes_coverage
Diffstat (limited to 'CHANGES.txt')
| -rw-r--r-- | CHANGES.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index a893ebae4..bbaa6739e 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -33,6 +33,11 @@ Features - Greatly improve the readability of the ``pcreate`` shell script output. See https://github.com/Pylons/pyramid/pull/1453 +- Improve robustness to timing attacks in the ``AuthTktCookieHelper`` and + the ``SignedCookieSessionFactory`` classes by using the stdlib's + ``hmac.compare_digest`` if it is available (such as Python 2.7.7+ and 3.3+). + See https://github.com/Pylons/pyramid/pull/1457 + Bug Fixes --------- |