1
0
mirror of https://github.com/django/django.git synced 2024-12-25 02:26:12 +00:00
Commit Graph

5 Commits

Author SHA1 Message Date
Tim Graham
014247ad19 Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Carl Meyer
df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham
125eaa19b2 Added security release note stubs. 2015-07-08 15:23:03 -04:00
Tim Graham
90c59db7a3 Forwardported release notes for refs #24903. 2015-06-09 17:57:21 -04:00
Andriy Sokolovskiy
80ad5472ce Fixed #24817 -- Prevented loss of null info in MySQL field renaming. 2015-05-28 10:07:52 -04:00