mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #26020 -- Normalized header stylings in docs.

Browse Source
This commit is contained in:
Elif T. Kus
2016-01-03 12:56:22 +02:00
committed by Tim Graham
parent 79d0a4fdb0
commit bca9faae95
132 changed files with 1498 additions and 1464 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/releases/1.3.6.txt
View File

@@ -11,7 +11,7 @@ This is the sixth bugfix/security release in the Django 1.3 series.
Host header poisoning
---------------------
=====================
Some parts of Django -- independent of end-user-written applications -- make
use of full URLs, including domain name, which are generated from the HTTP Host
@@ -36,7 +36,7 @@ This host validation is disabled when ``DEBUG`` is ``True`` or when running test
XML deserialization
-------------------
===================
The XML parser in the Python standard library is vulnerable to a number of
attacks via external entities and entity expansion. Django uses this parser for
@@ -57,7 +57,7 @@ management command, you will need to ensure they do not contain a DTD.
Formset memory exhaustion
-------------------------
=========================
Previous versions of Django did not validate or limit the form-count data
provided by the client in a formset's management form, making it possible to
@@ -70,7 +70,7 @@ factory argument).
Admin history view information leakage
--------------------------------------
======================================
In previous versions of Django, an admin user without change permission on a
model could still view the unicode representation of instances via their admin