django

mirror of https://github.com/django/django.git synced 2025-01-12 19:37:06 +00:00

History

Natalia 96d8404771 [5.0.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails. On successful submission of a password reset request, an email is sent to the accounts known to the system. If sending this email fails (due to email backend misconfiguration, service provider outage, network issues, etc.), an attacker might exploit this by detecting which password reset requests succeed and which ones generate a 500 error response. Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam Johnson, and Sarah Boyce for the reviews.		2024-09-03 09:33:01 -03:00
..
class-based-views
contrib
files
forms	[5.0.x] Made cosmetic edits to code snippets reformatted with blacken-docs.	2024-05-30 09:42:50 -03:00
models	[5.0.x] Made cosmetic edits to code snippets reformatted with blacken-docs.	2024-05-30 09:42:50 -03:00
templates	[5.0.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.	2024-09-03 09:32:43 -03:00
applications.txt	[5.0.x] Fixed #23790 -- Warned about renaming AppConfig.label in docs/ref/applications.txt.	2024-07-01 21:53:50 -03:00
checks.txt
clickjacking.txt	[5.0.x] Removed outdated note about limitations in Clickjacking protection.	2024-07-04 18:13:25 -03:00
csrf.txt
databases.txt
django-admin.txt
exceptions.txt
index.txt
logging.txt	[5.0.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.	2024-09-03 09:33:01 -03:00
middleware.txt
migration-operations.txt
paginator.txt
request-response.txt
schema-editor.txt
settings.txt
signals.txt
template-response.txt
unicode.txt
urlresolvers.txt
urls.txt
utils.txt	[5.0.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().	2024-07-25 09:42:17 +02:00
validators.txt
views.txt