mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Refs #29784 -- Switched to https:// links where available.

Browse Source
This commit is contained in:
Jon Dufresne
2018-09-25 23:48:47 -07:00
committed by Claude Paroz
parent d1d5c97bc2
commit 82f286cf6f
131 changed files with 267 additions and 267 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/releases/1.8.16.txt
View File

@@ -26,7 +26,7 @@ DNS rebinding vulnerability when ``DEBUG=True``
Older versions of Django don't validate the ``Host`` header against
``settings.ALLOWED_HOSTS`` when ``settings.DEBUG=True``. This makes them
vulnerable to a `DNS rebinding attack
<http://benmmurphy.github.io/blog/2016/07/11/rails-webconsole-dns-rebinding/>`_.
<https://benmmurphy.github.io/blog/2016/07/11/rails-webconsole-dns-rebinding/>`_.
While Django doesn't ship a module that allows remote code execution, this is
at least a cross-site scripting vector, which could be quite serious if