Loading docs/releases/1.7.1.txt +6 −0 Original line number Diff line number Diff line Loading @@ -91,3 +91,9 @@ Bugfixes (:ticket:`23560`). * Fixed ``deepcopy`` on ``ErrorList`` (:ticket:`23594`). * Made the :mod:`~django.contrib.admindocs` view to browse view details check if the view specified in the URL exists in the URLconf. Previously it was possible to import arbitrary packages from the Python path. This was not considered a security issue because ``admindocs`` is only accessible to staff users (:ticket:`23601`). docs/releases/1.8.txt +0 −8 Original line number Diff line number Diff line Loading @@ -76,14 +76,6 @@ Minor features <django.contrib.admin.ModelAdmin.show_full_result_count>` to control whether or not the full count of objects should be displayed on a filtered admin page. :mod:`django.contrib.admindocs` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * The view to browse view details now checks if the view specified in the URL exists in the URLconf. Previously it was possible to import arbitrary packages from the Python path. This was not considered a security issue because ``admindocs`` is only accessible to staff users. :mod:`django.contrib.auth` ^^^^^^^^^^^^^^^^^^^^^^^^^^ Loading Loading
docs/releases/1.7.1.txt +6 −0 Original line number Diff line number Diff line Loading @@ -91,3 +91,9 @@ Bugfixes (:ticket:`23560`). * Fixed ``deepcopy`` on ``ErrorList`` (:ticket:`23594`). * Made the :mod:`~django.contrib.admindocs` view to browse view details check if the view specified in the URL exists in the URLconf. Previously it was possible to import arbitrary packages from the Python path. This was not considered a security issue because ``admindocs`` is only accessible to staff users (:ticket:`23601`).
docs/releases/1.8.txt +0 −8 Original line number Diff line number Diff line Loading @@ -76,14 +76,6 @@ Minor features <django.contrib.admin.ModelAdmin.show_full_result_count>` to control whether or not the full count of objects should be displayed on a filtered admin page. :mod:`django.contrib.admindocs` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * The view to browse view details now checks if the view specified in the URL exists in the URLconf. Previously it was possible to import arbitrary packages from the Python path. This was not considered a security issue because ``admindocs`` is only accessible to staff users. :mod:`django.contrib.auth` ^^^^^^^^^^^^^^^^^^^^^^^^^^ Loading
