From 3adfc3f97dc8ac5985a495b1a690b964f48ba208 Mon Sep 17 00:00:00 2001
From: Carl Meyer <carl@oddbird.net>
Date: Wed, 20 Feb 2013 12:26:54 -0700
Subject: [PATCH] [1.4.x] Note that ALLOWED_HOSTS default changes in Django
 1.5.

---
 docs/ref/settings.txt | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index f992eef3e7..43aa9b2905 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -104,6 +104,11 @@ This validation only applies via :meth:`~django.http.HttpRequest.get_host()`;
 if your code accesses the ``Host`` header directly from ``request.META`` you
 are bypassing this security protection.
 
+The default value of this setting in Django 1.4.4+ is ``['*']`` (accept any
+host) in order to avoid breaking backwards-compatibility in a security update,
+but in Django 1.5+ the default is ``[]`` and explicitly configuring this
+setting is required.
+
 .. setting:: ALLOWED_INCLUDE_ROOTS
 
 ALLOWED_INCLUDE_ROOTS