##// END OF EJS Templates
security: limit the maximum password lenght to 72 characters to prevent possible...
security: limit the maximum password lenght to 72 characters to prevent possible server side resource consumption attack. - bcrypt heavy computation can lead to DOS using a very long password .eg 10**8 lenght. - we allowed this on registration or on password update

File last commit:

r15:9b3c78f4 default
r2192:a51e727d stable
Show More
release-notes-4.0.1.rst
17 lines | 393 B | text/x-rst | RstLexer

|RCE| 4.0.1 |RNS|

Release Date

  • 2016-05-25

Fixes

  • fixed default session to be file based instead of memory which causes problems in multi-worker setup
  • ui: fixing forks table #3959
  • ui: fixed gravatars misalignment issues
  • logging: fixed excesive formatting on auth logging
  • pull requests: better ref selection when opening PRs from changelog