Chris McDonough
2011-11-20 e61ab86f91f5085fb601699ec1a25eac7b0cfca9
- The AuthTktAuthenticationPolicy did not use a timing-attack-aware string
comparator. See https://github.com/Pylons/pyramid/pull/320 for more info.

References issue#320.
1 file modified
CHANGES.txt
@@ -4,8 +4,9 @@
Bug Fixes
---------
- The ``pryamid.view.view_config`` decorator did not accept a ``match_params``
  predicate argument.  See https://github.com/Pylons/pyramid/pull/308
- Backport from master: The ``pryamid.view.view_config`` decorator did not
  accept a ``match_params`` predicate argument.  See
  https://github.com/Pylons/pyramid/pull/308
- Backport fixes from master regarding URL decoding.  URL segments are
  no-longer "double-decoded" during traversal and when encountered in a route
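Review bot: the rewritten ``view_config`` entry still carries the misspelling ``pryamid.view.view_config`` from the line it replaces. Since the entry is being reworded anyway, correct it to ``pyramid.view.view_config`` so the changelog names the real module and a search for the decorator finds this entry.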
@@ -26,10 +27,14 @@
- Backport from master: fix ``request.json_body`` to deal with alternate
  request charsets.
- Backport from master: The AuthTktCookieHelper could potentially generate
- Backport from master: the AuthTktCookieHelper could potentially generate
  Unicode headers inappropriately when the ``tokens`` argument to remember
  was used.  See https://github.com/Pylons/pyramid/pull/314.
- Backport from master: the AuthTktAuthenticationPolicy did not use a
  timing-attack-aware string comparator.  See
  https://github.com/Pylons/pyramid/pull/320 for more info.
Testing
-------
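Review bot: the new AuthTktAuthenticationPolicy entry at the end of this hunk sits under "Bug Fixes" with nothing marking it as security-relevant, and it does not say which value the policy was comparing. Someone scanning the changelog of this backport branch to decide whether to upgrade could skip past it. Suggest naming the compared value and stating that the fix closes a timing side channel, rather than leaving that to the linked pull request. Smaller style points: this hunk lowercases "the" after "Backport from master:", while the entry added in the first hunk keeps "The ``pryamid.view.view_config``", so pick one casing. The class name could also be set in double backticks, like ``tokens`` in the entry above it.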