mirror of https://github.com/django/django.git synced 2024-11-28 10:48:32 +01:00
django/docs/ref
Natalia 8c35a0a903 Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.

Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:22:32 -03:00
class-based-views
contrib
files
forms
models Removed outdated note about lack of subquery support in MySQL. 2024-08-28 15:55:30 -03:00
templates Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 2024-09-03 09:22:32 -03:00
applications.txt
checks.txt
clickjacking.txt
csrf.txt
databases.txt Fixed #35702 -- Removed connection pooling note for mysql drivers. 2024-08-30 09:08:32 +02:00
django-admin.txt Fixed typo of --no-startup in django-admin docs. 2024-08-13 11:18:42 +02:00
exceptions.txt
index.txt
logging.txt Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails. 2024-09-03 09:22:32 -03:00
middleware.txt
migration-operations.txt
paginator.txt
request-response.txt
schema-editor.txt
settings.txt Added EMAIL_USE_SSL to the 'Core Settings Topical Index' docs. 2024-09-03 10:16:20 +02:00
signals.txt
template-response.txt
unicode.txt
urlresolvers.txt
urls.txt
utils.txt Fixed #35668 -- Added mapping support to format_html_join. 2024-08-20 08:20:34 +02:00
validators.txt
views.txt