| Author | Commit | Message | Date |
|---|---|---|---|
| Tim Graham | c050ce7de2 | [1.7.x] Fixed #22504 -- Corrected domain terminology in security guide. Thanks chris at chrullrich.net. Backport of f65eb15ac6 from master | 2014-04-25 10:29:18 -04:00 |
| Moayad Mardini | ae15356061 | [1.7.x] Fixed #22493 - Added warnings to raw() and extra() docs about SQL injection Thanks Erik Romijn for the suggestion. Backport of 3776926cfe from master | 2014-04-25 09:56:04 -04:00 |
| Tim Graham | df6760f12c | Added a warning regarding risks in serving user uploaded media. Thanks Preston Holmes for the draft text. | 2013-11-27 16:35:25 -05:00 |
| Tim Graham | a3372f67cb | Added a warning regarding session security and subdomains. | 2013-10-18 09:42:45 -04:00 |
| Aymeric Augustin | 1267d2d9bc | Fixed #20330 -- Normalized spelling of "web server". Thanks Baptiste Mispelon for the report. | 2013-04-29 19:40:43 +02:00 |
| Carl Meyer | d51fb74360 | Added a new required ALLOWED_HOSTS setting for HTTP host header validation. This is a security fix; disclosure and advisory coming shortly. | 2013-02-19 11:23:29 -07:00 |
| Aymeric Augustin | ebd2598596 | Removed django.contrib.markup. | 2012-12-29 21:59:07 +01:00 |
| Tim Graham | b3a8c9dab8 | Fixed broken links, round 3. refs #19516 | 2012-12-26 19:07:22 -05:00 |
| Florian Apolloner | 27560924ec | Fixed a security issue in get_host. Full disclosure and new release forthcoming. | 2012-12-10 22:11:40 +01:00 |
| David Fischer | 58786897a1 | Formatting fix for host headers section | 2012-09-06 16:10:08 -04:00 |
| David Fischer | c65100248d | Added CSRF with HTTPS/HSTS and forwarding note | 2012-09-06 16:08:14 -04:00 |
| David Fischer | ba141e6906 | Added note about Strict Transport Security (HSTS) | 2012-09-06 15:13:31 -04:00 |
| Luke Plant | 0199bdc0b4 | Rewrote security.txt SSL docs, noting SECURE_PROXY_SSL_HEADER. | 2012-06-04 21:41:05 +01:00 |
| Luke Plant | 718f149bb2 | Added more explicit warnings about unconfigured reStructured Text usage in docs. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17915 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | 2012-04-19 15:00:55 +00:00 |
| Adrian Holovaty | d3055b3382 | Quick edit of docs/topics/security.txt to catch some basic formatting problems and reword an awkward section git-svn-id: http://code.djangoproject.com/svn/django/trunk@17222 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | 2011-12-17 02:48:27 +00:00 |
| Russell Keith-Magee | 893cea211a | Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16758 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | 2011-09-10 00:46:38 +00:00 |
| Jannis Leidel | f0280f2e94 | Fixes #16482 -- Fixes typo in security docs. Thanks, charettes. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16560 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | 2011-07-29 09:39:55 +00:00 |
| Luke Plant | 9896b0df73 | Grammar fixes and content tweaks to XSS section of security docs. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16545 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | 2011-07-17 14:17:26 +00:00 |
| Luke Plant | f5c9c2246e | Improved warning about file uploads in docs, and added link from security overview page git-svn-id: http://code.djangoproject.com/svn/django/trunk@16521 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | 2011-07-06 23:44:54 +00:00 |
| Jannis Leidel | 3ee076b135 | Fixed #16248 -- Corrected a few typos in the security docs. Thanks, buddelkiste. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16397 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | 2011-06-14 10:34:52 +00:00 |
| Luke Plant | 528157ce73 | Fixed #14201 - Add a "security overview" page to the docs Thanks to davidfischer for the initial patch! git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | 2011-06-10 15:14:36 +00:00 |