mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #26020 -- Normalized header stylings in docs.

Browse Source
This commit is contained in:
Elif T. Kus
2016-01-03 12:56:22 +02:00
committed by Tim Graham
parent 79d0a4fdb0
commit bca9faae95
132 changed files with 1498 additions and 1464 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/releases/1.4.4.txt
View File

@@ -12,7 +12,7 @@ This is the fourth bugfix/security release in the Django 1.4 series.
Host header poisoning
---------------------
=====================
Some parts of Django -- independent of end-user-written applications -- make
use of full URLs, including domain name, which are generated from the HTTP Host
@@ -37,7 +37,7 @@ This host validation is disabled when ``DEBUG`` is ``True`` or when running test
XML deserialization
-------------------
===================
The XML parser in the Python standard library is vulnerable to a number of
attacks via external entities and entity expansion. Django uses this parser for
@@ -58,7 +58,7 @@ management command, you will need to ensure they do not contain a DTD.
Formset memory exhaustion
-------------------------
=========================
Previous versions of Django did not validate or limit the form-count data
provided by the client in a formset's management form, making it possible to
@@ -71,7 +71,7 @@ factory argument).
Admin history view information leakage
--------------------------------------
======================================
In previous versions of Django, an admin user without change permission on a
model could still view the unicode representation of instances via their admin