Tim Graham
|
c231ec1af0
|
[1.7.x] Fixed typo in path to is_safe_url()
Backport of dd0b487872de4e3ff966da51e3610bac996e44f0 from master
|
2015-02-20 09:22:24 -05:00 |
|
Tim Graham
|
9b403a108c
|
[1.7.x] Added dates to release notes.
|
2015-01-13 13:09:34 -05:00 |
|
Tim Graham
|
818e59a3f0
|
[1.7.x] Prevented views.static.serve() from using large memory on large files.
This is a security fix. Disclosure following shortly.
|
2015-01-13 13:02:56 -05:00 |
|
Tim Graham
|
de67dedc77
|
[1.7.x] Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
|
2015-01-13 13:02:56 -05:00 |
|
Carl Meyer
|
41b4bc73ee
|
[1.7.x] Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
|
2015-01-13 13:02:56 -05:00 |
|
Tim Graham
|
33f1ccf5b1
|
[1.7.x] Added stub release notes for security releases.
|
2015-01-13 13:02:55 -05:00 |
|
Tim Graham
|
0e21fd4e40
|
[1.7.x] Added 1.4.18 release notes.
Backport of ce17b045bf5629aac66f872c3f548205906e04db from master
|
2015-01-05 14:25:36 -05:00 |
|