Changelog re hash comparison bugfix

author: Jeff Forcier <jeff@bitprophet.org> 2014-02-14 11:53:42 -0800
committer: Jeff Forcier <jeff@bitprophet.org> 2014-02-14 11:53:42 -0800
commit: 30518280f1356465f0acfdb4816843b61303a633 (patch)
tree: c9002a1175bf59223176e2c20194f28c6a4e4fdd /sites/www/changelog.rst
parent: 9d7aeff7b19aabacecdb42d86af15bdb45e01e20 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index c26b996c..fa58c5f6 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,10 @@
 Changelog
 =========
 
+* :bug:`-` Use constant-time hash comparison operations where possible, to
+  protect against `timing-based attacks
+  <http://codahale.com/a-lesson-in-timing-attacks/>`_. Thanks to Alex Gaynor
+  for the patch.
 * :release:`1.10.6 <2014-02-14>`
 * :bug:`34` (PR :issue:`35`) Fix SFTP prefetching incompatibility with some
   SFTP servers regarding request/response ordering. Thanks to Richard
author	Jeff Forcier <jeff@bitprophet.org>	2014-02-14 11:53:42 -0800
committer	Jeff Forcier <jeff@bitprophet.org>	2014-02-14 11:53:42 -0800
commit	30518280f1356465f0acfdb4816843b61303a633 (patch)
tree	c9002a1175bf59223176e2c20194f28c6a4e4fdd /sites/www/changelog.rst
parent	9d7aeff7b19aabacecdb42d86af15bdb45e01e20 (diff)