mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00
django/docs/ref
Natalia 8c35a0a903 Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.

Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:22:32 -03:00
class-based-views Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01 13:03:56 +01:00
contrib Doc'd that SessionMiddleware is required for the admin site. 2024-08-08 08:48:41 -03:00
files Fixed #35604, Refs #35326 -- Made FileSystemStorage.exists() behaviour independent from allow_overwrite. 2024-07-24 14:55:10 +02:00
forms Used :pypi: role in docs where appropriate. 2024-08-05 10:35:50 -03:00
models Removed outdated note about lack of subquery support in MySQL. 2024-08-28 15:55:30 -03:00
templates Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 2024-09-03 09:22:32 -03:00
applications.txt Fixed #23790 -- Warned about renaming AppConfig.label in docs/ref/applications.txt. 2024-07-01 21:52:04 -03:00
checks.txt Fixed #31405 -- Added LoginRequiredMiddleware. 2024-05-22 08:51:17 +02:00
clickjacking.txt Removed outdated note about limitations in Clickjacking protection. 2024-07-04 18:08:19 -03:00
csrf.txt Refs #35401 -- Linked the CsrfViewMiddleware docs to the csrf_protect() decorator. 2024-06-12 13:11:29 +02:00
databases.txt Fixed #35702 -- Removed connection pooling note for mysql drivers. 2024-08-30 09:08:32 +02:00
django-admin.txt Fixed typo of --no-startup in django-admin docs. 2024-08-13 11:18:42 +02:00
exceptions.txt Removed versionadded/changed annotations for 4.2. 2023-09-18 22:12:40 +02:00
index.txt Refs #32880 -- Moved logging reference to new document. 2021-06-30 07:21:52 +02:00
logging.txt Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails. 2024-09-03 09:22:32 -03:00
middleware.txt Refs #31405 -- Improved LoginRequiredMiddleware documentation. 2024-08-08 10:05:31 +02:00
migration-operations.txt Doc'd that RemoveField also drops related database objects in PostgreSQL. 2024-04-16 13:11:06 -03:00
paginator.txt Removed versionadded/changed annotations for 5.0. 2024-05-22 15:44:07 -03:00
request-response.txt Removed versionadded/changed annotations for 5.0. 2024-05-22 15:44:07 -03:00
schema-editor.txt Refs #27236 -- Removed Meta.index_together per deprecation timeline. 2023-09-18 22:12:40 +02:00
settings.txt Added EMAIL_USE_SSL to the 'Core Settings Topical Index' docs. 2024-09-03 10:16:20 +02:00
signals.txt Improved style of n-tuple wording in docs and comments. 2023-06-23 09:29:35 +02:00
template-response.txt Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01 13:03:56 +01:00
unicode.txt Fixed broken links and redirects in docs. 2024-03-06 08:50:21 +01:00
urlresolvers.txt Fixed 35467 -- Replaced urlparse with urlsplit where appropriate. 2024-05-29 10:48:27 -03:00
urls.txt Fixed #35090 -- Deprecated registering URL converters with the same name. 2024-02-23 15:54:49 +01:00
utils.txt Fixed #35668 -- Added mapping support to format_html_join. 2024-08-20 08:20:34 +02:00
validators.txt Removed versionadded/changed annotations for 5.0. 2024-05-22 15:44:07 -03:00
views.txt Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01 13:03:56 +01:00