mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Refs #17209 -- Removed login/logout and password reset/change function-based views.

Browse Source 
Per deprecation timeline.
This commit is contained in:
Tim Graham
2017-09-02 19:24:18 -04:00
parent deb592b3e3
commit 4f313e284e
30 changed files with 42 additions and 870 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/releases/1.4.22.txt
View File

@@ -14,7 +14,7 @@ Denial-of-service possibility in ``logout()`` view by filling session store
===========================================================================
Previously, a session could be created when anonymously accessing the
:func:`django.contrib.auth.views.logout` view (provided it wasn't decorated
``django.contrib.auth.views.logout()`` view (provided it wasn't decorated
with :func:`~django.contrib.auth.decorators.login_required` as done in the
admin). This could allow an attacker to easily create many new session records
by sending repeated requests, potentially filling up the session store or