jfinn
/
edan_f0
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8784 Commits
1 Branch
Tree: 53dd1dd48b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '53dd1dd48b'
${ noResults }
edan_f0/docs/source/releases/v0.5.2.rst

v0.5.2.rst 706B
History Raw

123456789101112131415161718 
  1. =========================

  2. Oscar 0.5.2 release notes

  3. =========================

  4. 

  5. This is Oscar 0.5.2, a security release for Oscar 0.5.

  6. 

  7. Insecure use of ``SECRET_KEY`` in basket cookie

  8. -----------------------------------------------

  9. 

  10. For anonymous users, the basket ID is stored in a cookie.  Previously, the

  11. value was signed using a simple CRC32 hash using the ``SECRET_KEY``.

  12. However, a good rule of thumb is to never roll your own encryption, and it is

  13. possible that this method weakens the security of the ``SECRET_KEY``.

  14. 

  15. `The fix`_ uses Django's cryptographic signing functionality to sign the cookie

  16. in a more secure manner.

  17. 

  18. .. _`The fix`: https://github.com/django-oscar/django-oscar/commit/876f723