Sarah Boyce
d637e251b4
[5.2.x] Added security guideline on reasonable size limitations when rendering content via the DTL.
...
This also removes the need to add warnings for every Django template filter.
Backport of 582ba18d56167587e290545f113d3956e73a5801 from main.
2025-02-24 08:54:44 +01:00
Sarah Boyce
865337ae92
[5.2.x] Added security reporting guidelines.
...
Backport of 59353360590202fab04067e23214a825157c524b from main.
2025-02-24 08:54:18 +01:00
Sarah Boyce
a39d0ff88f
[5.2.x] Updated expectations for when security reports will receive a reply.
...
Backport of cecb76a942e4c9df518df098b1e62778cfe20f06 from main.
2025-02-24 08:53:56 +01:00
nessita
d6a44efa49
[5.2.x] Refs #35612 -- Extended docs on how the security team evaluates reports.
...
Co-authored-by: Shai Berger <shai@platonix.com>
Backport of f609a2da868b2320ecdc0551df3cca360d5b5bc3 from main.
2025-02-04 08:55:11 -03:00
Sarah Boyce
9423f8b476
Fixed #35612 -- Added documentation on how the security team evaluates reports.
...
Co-authored-by: Joshua Olatunji <joshua+github@etentlabs.com>
2024-10-11 10:53:11 +02:00
shivaramkumar
a47de0d6cd
Changed severity levels to list in security policy docs.
2024-02-05 05:36:32 +01:00
Tim Graham
2c4dc64760
Used extlinks for PyPI links.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2023-04-17 06:55:32 +02:00
Markus Holtermann
d9a266d657
Updated Git branch "master" to "main".
...
This change follows a long discussion on django-developers:
https://groups.google.com/g/django-developers/c/tctDuKUGosc/
2021-03-09 08:48:32 +01:00
Michael Manfre
0e893248b2
Added notes related to security pre-notification list requests.
2020-05-21 10:30:14 +02:00
Tobias Kunze
4a954cfd11
Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty.
...
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:
- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous
Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
2019-09-06 13:27:46 +02:00
François Freitag
9b15ff08ba
Used auto-numbered lists in documentation.
2018-11-15 13:54:28 -05:00
Brett Cannon
64b74804c5
Fixed #29334 -- Updated pypi.python.org URLs to pypi.org.
2018-04-17 20:24:27 -04:00
Tim Graham
e1cf2a607e
Added "Denial-of-service attacks" to the security issue severity classification.
2018-03-12 11:00:47 -04:00
Florian Apolloner
bf0dff4bed
Typo fix.
2017-03-13 22:01:42 +01:00
Tim Graham
3d14cbc867
Removed docs/internals/roles.txt.
...
It's moved to https://www.djangoproject.com/foundation/teams/ .
2017-02-15 09:31:41 +01:00
Tim Graham
af98a0a25e
Updated security policy according to current practices.
...
Also added security release date notifications to django-announce.
2016-10-15 07:53:08 -04:00
Elif T. Kus
bca9faae95
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
Tim Graham
aed437d567
Updated release process for new release schedule.
2015-06-25 11:36:17 -04:00
Tim Graham
46ce72e8d2
Added oss-security@lists.openwall.com to security release announcements.
2015-05-25 08:31:51 -04:00
Tim Graham
016d8cfbe2
Removed obsolete distros@vs.openwall.org security notification.
2015-05-21 19:22:58 -04:00
Aymeric Augustin
a4ead67ee9
Adjusted 'internals' docs to the new organization.
...
Most of these changes are about using the correct vocabulary -- "core
team member" vs "core developer/committer" and adding internal links.
2014-08-01 14:41:25 +02:00
James Bennett
c83583fb34
Correctly remove extraneous text about keys from previous edit.
2014-07-27 13:49:53 +02:00
James Bennett
fe87f8d670
Update from key ID in security.txt to authorized release keys list.
2014-07-27 13:48:59 +02:00
Tim Graham
7f2505ad9e
Fixed doc typos.
2014-02-28 11:44:03 -05:00
James Turley
4d8209431d
Fixed #21824 -- Added reference to LTS in docs/internals/security.txt
2014-01-24 08:13:17 -05:00
Claude Paroz
626bdf648a
Updated a bunch of hyperlinks in documentation
2013-12-08 18:40:09 +01:00
Unai Zalakain
3895d8899d
Fixed #21213 -- Added docs for Django's mailing lists.
...
Added docs/internals/mailing-lists.txt documenting the use of Django's
mailing lists. All references across docs changed to point to this page.
The referencing makes use of substitution because there's no way to make
a :ref: link in a non-inline fashion in Sphinx. It also makes use of
rst_epilog Sphinx conf for making these substitutions across all the
docs.
2013-10-04 10:00:36 -04:00
Russell Keith-Magee
8e134c27c9
Corrected markup problems in new security summary page.
2013-09-19 13:57:02 +08:00
James Bennett
a2e25e8a83
Fix #21121 : Add archive of security issues.
2013-09-18 23:13:04 -05:00
Tim Graham
5737c57d95
Fixed #20868 -- Added an email to django-announce as a security step.
...
Thanks garrison for the report.
2013-08-09 16:02:05 -04:00
Loic Bistuer
aff0aa3af8
Rephrased the docs for reporting security issues to make it less intimidating.
2013-07-16 17:17:08 +07:00
James Bennett
1ef1bceb3b
Add new security-policy documentation.
...
This formally describes our policies on reporting, notification and
disclosure of security issues, and provides a detailed explanation of
our full security-response process, for reference purposes.
2012-08-07 16:06:34 -04:00