mirror of https://github.com/django/django.git synced 2024-12-30 21:16:26 +00:00
Commit Graph

7 Commits

Author SHA1 Message Date
Tim Graham
18dceab05b [1.8.x] Fixed typo in path to is_safe_url()
Backport of dd0b487872 from master
2015-02-20 09:22:17 -05:00
Tim Graham
cbbe6a6abb Added dates to release notes. 2015-01-13 13:08:57 -05:00
Tim Graham
baf2542c4f Fixed DoS possibility in ModelMultipleChoiceField.
This is a security fix. Disclosure following shortly.

Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:03:06 -05:00
Tim Graham
a3bebfdc34 Ensured views.static.serve() doesn't use large memory on large files.
This issue was fixed in master by refs #24072.
2015-01-13 13:03:06 -05:00
Tim Graham
69b5e66738 Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Carl Meyer
316b8d4974 Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Tim Graham
958aeda4b5 Added stub release notes for security releases. 2015-01-13 13:03:05 -05:00