0
0
mirror of https://github.com/django/django.git synced 2024-11-25 07:59:34 +01:00
django/docs/releases/1.10.7.txt

28 lines
925 B
Plaintext
Raw Normal View History

2017-03-07 19:05:35 +01:00
===========================
Django 1.10.7 release notes
===========================
*April 4, 2017*
2017-03-07 19:05:35 +01:00
Django 1.10.7 fixes two security issues and a bug in 1.10.6.
2017-03-07 19:05:35 +01:00
CVE-2017-7234: Open redirect vulnerability in ``django.views.static.serve()``
=============================================================================
A maliciously crafted URL to a Django site using the
:func:`~django.views.static.serve` view could redirect to any other domain. The
view no longer does any redirects as they don't provide any known, useful
functionality.
Note, however, that this view has always carried a warning that it is not
hardened for production use and should be used only as a development aid.
2017-03-07 19:05:35 +01:00
Bugfixes
========
* Made admin's ``RelatedFieldWidgetWrapper`` use the wrapped widget's
``value_omitted_from_data()`` method (:ticket:`27905`).
* Fixed model form ``default`` fallback for ``SelectMultiple``
(:ticket:`27993`).