mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-07 07:15:35 +00:00
Code Issues 32 Releases Wiki Activity

Refs #36485 -- Rewrapped docs to 79 columns line length.

Browse Source 
Lines in the docs files were manually adjusted to conform to the
79 columns limit per line (plus newline), improving readability and
consistency across the content.
This commit is contained in:
David Smith
2025-07-25 10:24:17 +01:00
committed by nessita
parent 4286a23df6
commit f81e6e3a53
230 changed files with 3250 additions and 2914 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/releases/1.4.4.txt
View File

@@ -17,11 +17,11 @@ Host header poisoning
Some parts of Django -- independent of end-user-written applications -- make
use of full URLs, including domain name, which are generated from the HTTP Host
header. Django's documentation has for some time contained notes advising users
on how to configure web servers to ensure that only valid Host headers can reach
the Django application. However, it has been reported to us that even with the
recommended web server configurations there are still techniques available for
tricking many common web servers into supplying the application with an
incorrect and possibly malicious Host header.
on how to configure web servers to ensure that only valid Host headers can
reach the Django application. However, it has been reported to us that even
with the recommended web server configurations there are still techniques
available for tricking many common web servers into supplying the application
with an incorrect and possibly malicious Host header.
For this reason, Django 1.4.4 adds a new setting, ``ALLOWED_HOSTS``, containing
an explicit list of valid host/domain names for this site. A request with a
@@ -33,7 +33,8 @@ The default value for this setting in Django 1.4.4 is ``['*']`` (matching any
host), for backwards-compatibility, but we strongly encourage all sites to set
a more restrictive value.
This host validation is disabled when ``DEBUG`` is ``True`` or when running tests.
This host validation is disabled when ``DEBUG`` is ``True`` or when running
tests.
XML deserialization
@@ -82,7 +83,8 @@ to users with change permission for that model.
Other bugfixes and changes
==========================
* Prevented transaction state from leaking from one request to the next (#19707).
* Prevented transaction state from leaking from one request to the next
(#19707).
* Changed an SQL command syntax to be MySQL 4 compatible (#19702).
* Added backwards-compatibility with old unsalted MD5 passwords (#18144).
* Numerous documentation improvements and fixes.