mirrors/django
mirrors/django
0
0
Fork 0
mirror of https://github.com/django/django.git synced 2024-12-01 15:42:04 +01:00
Code Issues Releases Wiki Activity
a1f948b468
django/docs/releases/1.8.18.txt
Tim Graham a1f948b468 Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve(). 
This is a security fix.
2017-04-04 10:42:06 -04:00

19 lines
682 B
Plaintext
Raw Blame History

===========================
Django 1.8.18 release notes
===========================
*April 4, 2017*
Django 1.8.18 fixes two security issues in 1.8.17.
CVE-2017-7234: Open redirect vulnerability in ``django.views.static.serve()``
=============================================================================
A maliciously crafted URL to a Django site using the
:func:`~django.views.static.serve` view could redirect to any other domain. The
view no longer does any redirects as they don't provide any known, useful
functionality.
Note, however, that this view has always carried a warning that it is not
hardened for production use and should be used only as a development aid.
View Git Blame Copy Permalink