mirror of https://github.com/django/django.git synced 2025-03-09 17:02:43 +00:00

[5.0.x] Changed severity levels to list in security policy docs.

Backport of a47de0d6cd440d4515ede48df8335d91d7ac7793 from main
shivaramkumar 2024-02-05 05:36:32 +01:00 committed by Mariusz Felisiak
parent 761946f8e1
commit 2cfa3fba0c

@ -84,24 +84,24 @@ upcoming security release, as well as the severity of the issues. This is to
aid organizations that need to ensure they have staff available to handle aid organizations that need to ensure they have staff available to handle
triaging our announcement and upgrade Django as needed. Severity levels are: triaging our announcement and upgrade Django as needed. Severity levels are:
**High**: * **High**
* Remote code execution * Remote code execution
* SQL injection * SQL injection
**Moderate**: * **Moderate**
* Cross site scripting (XSS) * Cross site scripting (XSS)
* Cross site request forgery (CSRF) * Cross site request forgery (CSRF)
* Denial-of-service attacks * Denial-of-service attacks
* Broken authentication * Broken authentication
**Low**: * **Low**
* Sensitive data exposure * Sensitive data exposure
* Broken session management * Broken session management
* Unvalidated redirects/forwards * Unvalidated redirects/forwards
* Issues requiring an uncommon configuration option * Issues requiring an uncommon configuration option
Second, we notify a list of :ref:`people and organizations Second, we notify a list of :ref:`people and organizations
<security-notifications>`, primarily composed of operating-system vendors and <security-notifications>`, primarily composed of operating-system vendors and
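
Review bot: The category bullets under the new `* **High**`, `* **Moderate**` and `* **Low**` items need to be indented beneath their parent item and separated from it by a blank line. Otherwise reStructuredText will not render them as a nested list, and entries such as "Remote code execution" will not read as belonging to a severity level. Indentation is not visible in this view, so please confirm the nesting in a docs build. As a separate style point on unchanged lines, "Cross site scripting" and "Cross site request forgery" are unhyphenated while "Denial-of-service attacks" is hyphenated; consider aligning them in a follow-up.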