1
0
mirror of https://github.com/django/django.git synced 2024-12-24 01:55:49 +00:00
Commit Graph

9 Commits

Author SHA1 Message Date
Tim Graham
4f313e284e Refs #17209 -- Removed login/logout and password reset/change function-based views.
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
Tim Graham
f6acd1d271 Refs #23919 -- Removed Python 2 notes in docs. 2017-01-18 11:51:29 -05:00
Tim Graham
dd0b487872 Fixed typo in path to is_safe_url() 2015-02-20 09:21:39 -05:00
Tim Graham
cbbe6a6abb Added dates to release notes. 2015-01-13 13:08:57 -05:00
Tim Graham
a3bebfdc34 Ensured views.static.serve() doesn't use large memory on large files.
This issue was fixed in master by refs #24072.
2015-01-13 13:03:06 -05:00
Tim Graham
69b5e66738 Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Carl Meyer
316b8d4974 Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Tim Graham
958aeda4b5 Added stub release notes for security releases. 2015-01-13 13:03:05 -05:00
Tim Graham
ce17b045bf Added 1.4.18 release notes. 2015-01-05 14:24:34 -05:00