diff options
| author | Michael Merickel <michael@merickel.org> | 2014-11-17 02:05:02 -0600 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2014-11-17 02:05:02 -0600 |
| commit | e07af13b19b8fb00a393bb91b950b516cfca1cb6 (patch) | |
| tree | a18c92e500f059312daa9e44bf3ee73f5dc508d0 /CHANGES.txt | |
| parent | 6beffc41634844f3ea3b6152f292d3dbe6b5500c (diff) | |
| parent | 1d298deae192918a994423c3fc4ee9cd4bf7e7ca (diff) | |
| download | pyramid-e07af13b19b8fb00a393bb91b950b516cfca1cb6.tar.gz pyramid-e07af13b19b8fb00a393bb91b950b516cfca1cb6.tar.bz2 pyramid-e07af13b19b8fb00a393bb91b950b516cfca1cb6.zip | |
Merge branch 'master' into feature.security-docs-enhancements
Diffstat (limited to 'CHANGES.txt')
| -rw-r--r-- | CHANGES.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 4dd92b46f..2209ae9e4 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -33,6 +33,11 @@ Features - Greatly improve the readability of the ``pcreate`` shell script output. See https://github.com/Pylons/pyramid/pull/1453 +- Improve robustness to timing attacks in the ``AuthTktCookieHelper`` and + the ``SignedCookieSessionFactory`` classes by using the stdlib's + ``hmac.compare_digest`` if it is available (such as Python 2.7.7+ and 3.3+). + See https://github.com/Pylons/pyramid/pull/1457 + Bug Fixes --------- |