Adam Johnson
|
1cdfe8d912
|
Prevented (and corrected) single backtick usage in docs.
|
2020-04-01 14:55:11 +02:00 |
|
Tim Graham
|
4f313e284e
|
Refs #17209 -- Removed login/logout and password reset/change function-based views.
Per deprecation timeline.
|
2017-09-22 12:51:17 -04:00 |
|
Tim Graham
|
dd0b487872
|
Fixed typo in path to is_safe_url()
|
2015-02-20 09:21:39 -05:00 |
|
Tim Graham
|
cbbe6a6abb
|
Added dates to release notes.
|
2015-01-13 13:08:57 -05:00 |
|
Tim Graham
|
baf2542c4f
|
Fixed DoS possibility in ModelMultipleChoiceField.
This is a security fix. Disclosure following shortly.
Thanks Keryn Knight for the report and initial patch.
|
2015-01-13 13:03:06 -05:00 |
|
Tim Graham
|
a3bebfdc34
|
Ensured views.static.serve() doesn't use large memory on large files.
This issue was fixed in master by refs #24072.
|
2015-01-13 13:03:06 -05:00 |
|
Tim Graham
|
69b5e66738
|
Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
|
2015-01-13 13:03:06 -05:00 |
|
Carl Meyer
|
316b8d4974
|
Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
|
2015-01-13 13:03:05 -05:00 |
|
Tim Graham
|
958aeda4b5
|
Added stub release notes for security releases.
|
2015-01-13 13:03:05 -05:00 |
|