mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-01-04 07:26:38 +00:00
Code Issues 30 Releases Wiki Activity
20,345 Commits 28 Branches 426 Tags 637 MiB
574dd5e0b0
Commit Graph

3 Commits

Author SHA1 Message Date
Tim Graham
574dd5e0b0 [1.8.x] Prevented newlines from being accepted in some validators. 
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
 2015-07-08 15:23:18 -04:00
Carl Meyer
66d12d1aba [1.8.x] Fixed #19324 -- Avoided creating a session record when loading the session. 
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
 2015-07-08 15:23:18 -04:00
Tim Graham
64e8a5f1bb [1.8.x] Added security release note stubs. 2015-07-08 15:23:18 -04:00