diff --git a/.travis.yml b/.travis.yml index d3bf0df..08edf05 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,6 @@ env: - TEST_OPTS="" - COVERAGE="" matrix: - - DJANGO=1.5.10 - DJANGO=1.6.7 matrix: exclude: diff --git a/docs/security.rst b/docs/security.rst index 55b585c..4071475 100644 --- a/docs/security.rst +++ b/docs/security.rst @@ -171,14 +171,6 @@ Obviously, this might lead to security issues with stealing, modifying and faking domain cookies. -Sessions -======== - -We use Django's more safe JSONSerializer to serialize session data. -For Django >=1.5.3, the serializer is configurable. -For Django >=1.6 json will be the default rather than the less safe pickle format. - - Django's SECRET_KEY =================== diff --git a/nsupdate/login/urls.py b/nsupdate/login/urls.py index 1b2449c..1eeb4ea 100644 --- a/nsupdate/login/urls.py +++ b/nsupdate/login/urls.py @@ -13,12 +13,6 @@ urlpatterns = patterns( {'template_name': 'password_reset.html'}, name='password_reset'), url(r'^password_reset_done/$', 'django.contrib.auth.views.password_reset_done', {'template_name': 'password_reset_done.html'}, name='password_reset_done'), - # for django 1.5.x: - # url(r'^password_reset_confirm/(?P[0-9A-Za-z]{1,13})-(?P[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', - # 'django.contrib.auth.views.password_reset_confirm', - # {'template_name': 'password_reset_confirm.html'}, name='password_reset_confirm'), - # - # for django 1.6.x: url(r'^password_reset_confirm/(?P[0-9A-Za-z_\-]+)/(?P.+)/$', 'django.contrib.auth.views.password_reset_confirm', {'template_name': 'password_reset_confirm.html'}, name='password_reset_confirm'), diff --git a/nsupdate/settings/base.py b/nsupdate/settings/base.py index 4bf4fd1..1d1a188 100644 --- a/nsupdate/settings/base.py +++ b/nsupdate/settings/base.py @@ -247,8 +247,6 @@ SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_AGE = 14 * 24 * 60 * 60 # 14 days, in seconds (remember_me is True) SESSION_EXPIRE_AT_BROWSER_CLOSE = True # more safe (remember_me is False) -SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer' - # python-social-auth settings AUTHENTICATION_BACKENDS = ( diff --git a/setup.py b/setup.py index 0279bfa..f89f9a6 100644 --- a/setup.py +++ b/setup.py @@ -56,8 +56,6 @@ setup( install_requires=install_requires + [ 'netaddr', 'django >=1.6, <1.7', # 1.7 is not tested yet - # django >= 1.5.3 also works, but needs a code change, see - # https://github.com/nsupdate-info/nsupdate.info/issues/141 'south', 'django-bootstrap-form', 'django-registration',