Loading docs/index.txt +1 −0 Original line number Diff line number Diff line Loading @@ -215,6 +215,7 @@ Security is a topic of paramount importance in the development of Web applications and Django provides multiple protection tools and mechanisms: * :doc:`Security overview <topics/security>` * :doc:`Disclosed security issues in Django <releases/security>` * :doc:`Clickjacking protection <ref/clickjacking>` * :doc:`Cross Site Request Forgery protection <ref/contrib/csrf>` * :doc:`Cryptographic signing <topics/signing>` Loading docs/internals/security.txt +2 −2 Original line number Diff line number Diff line Loading @@ -128,8 +128,8 @@ may privately contact and discuss those issues with the appropriate maintainers, and coordinate our own disclosure and resolution with theirs. The Django team also maintains an :ref:`archive of security issues disclosed in Django <security-releases>`. The Django team also maintains an :doc:`archive of security issues disclosed in Django</releases/security>`. .. _security-notifications: Loading docs/releases/index.txt +5 −4 Original line number Diff line number Diff line Loading @@ -115,12 +115,12 @@ Pre-1.0 releases Security releases ================= Whenever a security issue is disclosed via :ref:`Django's security policies <internals-security>`, appropriate release notes are now Whenever a security issue is disclosed via :doc:`Django's security policies </internals/security>`, appropriate release notes are now added to all affected release series. Additionally, :ref:`an archive of disclosed security issues <security-releases>` is maintained. Additionally, :doc:`an archive of disclosed security issues </releases/security>` is maintained. Development releases ==================== Loading @@ -132,6 +132,7 @@ notes. .. toctree:: :maxdepth: 1 security 1.5-beta-1 1.5-alpha-1 1.4-beta-1 Loading docs/releases/security.txt +81 −81 Original line number Diff line number Diff line Loading 
@@ -6,7 +6,7 @@ Archive of security issues Django's development team is strongly committed to responsible reporting and disclosure of security-related issues, as outlined in :ref:`Django's security policies <internals-security>`. :doc:`Django's security policies </internals/security>`. As part of that commitment, we maintain the following historical list of issues which have been fixed and disclosed. For each issue, the Loading Loading @@ -54,9 +54,9 @@ August 16, 2006 * Django 0.91 * `Full description <https://www.djangoproject.com/weblog/2006/aug/16/compilemessages/>`_ * `Full description <https://www.djangoproject.com/weblog/2006/aug/16/compilemessages/>`__ * Patch: `unified 0.90/0.91 <https://github.com/django/django/commit/518d406e53>`_ * Patch: `unified 0.90/0.91 <https://github.com/django/django/commit/518d406e53>`__ January 21, 2007 Loading @@ -64,7 +64,7 @@ January 21, 2007 * **Issues:** * Patch CVE-2007-0404 for Django 0.95 * Patch `CVE-2007-0404`_ for Django 0.95 * Apparent "caching" of authenticated user: `CVE-2007-0405 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0405&cid=3>`_ Loading @@ -72,13 +72,13 @@ January 21, 2007 * Django 0.95 * `Full description <https://www.djangoproject.com/weblog/2007/jan/21/0951/>`_ * `Full description <https://www.djangoproject.com/weblog/2007/jan/21/0951/>`__ * **Patches:** * `2006-08-26 issue <https://github.com/django/django/commit/a132d411c6>`_ * `2006-08-26 issue <https://github.com/django/django/commit/a132d411c6>`__ * `User caching issue <https://github.com/django/django/commit/e89f0a6558>`_ * `User caching issue <https://github.com/django/django/commit/e89f0a6558>`__ Loading 
@@ -104,15 +104,15 @@ October 26, 2007 * Django 0.96 * `Full description <https://www.djangoproject.com/weblog/2007/oct/26/security-fix/>`_ * `Full description <https://www.djangoproject.com/weblog/2007/oct/26/security-fix/>`__ * **Patches:** * `0.91 <https://github.com/django/django/commit/8bc36e726c9e8c75c681d3ad232df8e882aaac81>`_ * `0.91 <https://github.com/django/django/commit/8bc36e726c9e8c75c681d3ad232df8e882aaac81>`__ * `0.95 <https://github.com/django/django/commit/412ed22502e11c50dbfee854627594f0e7e2c234>`_ * `0.95 <https://github.com/django/django/commit/412ed22502e11c50dbfee854627594f0e7e2c234>`__ * `0.96 <https://github.com/django/django/commit/7dd2dd08a79e388732ce00e2b5514f15bd6d0f6f>`_ * `0.96 <https://github.com/django/django/commit/7dd2dd08a79e388732ce00e2b5514f15bd6d0f6f>`__ May 14, 2008 Loading @@ -130,15 +130,15 @@ May 14, 2008 * Django 0.96 * `Full description <https://www.djangoproject.com/weblog/2008/may/14/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2008/may/14/security/>`__ * **Patches:** * `0.91 <https://github.com/django/django/commit/50ce7fb57d>`_ * `0.91 <https://github.com/django/django/commit/50ce7fb57d>`__ * `0.95 <https://github.com/django/django/commit/50ce7fb57d>`_ * `0.95 <https://github.com/django/django/commit/50ce7fb57d>`__ * `0.96 <https://github.com/django/django/commit/7791e5c050>`_ * `0.96 <https://github.com/django/django/commit/7791e5c050>`__ September 2, 2008 Loading 
@@ -156,15 +156,15 @@ September 2, 2008 * Django 0.96 * `Full description <https://www.djangoproject.com/weblog/2008/sep/02/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2008/sep/02/security/>`__ * **Patches:** * `0.91 <https://github.com/django/django/commit/44debfeaa4473bd28872c735dd3d9afde6886752>`_ * `0.91 <https://github.com/django/django/commit/44debfeaa4473bd28872c735dd3d9afde6886752>`__ * `0.95 <https://github.com/django/django/commit/aee48854a164382c655acb9f18b3c06c3d238e81>`_ * `0.95 <https://github.com/django/django/commit/aee48854a164382c655acb9f18b3c06c3d238e81>`__ * `0.96 <https://github.com/django/django/commit/7e0972bded362bc4b851c109df2c8a6548481a8e>`_ * `0.96 <https://github.com/django/django/commit/7e0972bded362bc4b851c109df2c8a6548481a8e>`__ July 28, 2009 Loading @@ -180,13 +180,13 @@ July 28, 2009 * Django 1.0 * `Full description <https://www.djangoproject.com/weblog/2009/jul/28/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2009/jul/28/security/>`__ * **Patches:** * `0.96 <https://github.com/django/django/commit/da85d76fd6>`_ * `0.96 <https://github.com/django/django/commit/da85d76fd6>`__ * `1.0 <https://github.com/django/django/commit/df7f917b7f>`_ * `1.0 <https://github.com/django/django/commit/df7f917b7f>`__ October 9, 2009 Loading @@ -202,13 +202,13 @@ October 9, 2009 * Django 1.1 * `Full description <https://www.djangoproject.com/weblog/2009/oct/09/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2009/oct/09/security/>`__ * **Patches:** * `1.0 <https://github.com/django/django/commit/594a28a904>`_ * `1.0 <https://github.com/django/django/commit/594a28a904>`__ * `1.1 <https://github.com/django/django/commit/e3e992e18b>`_ * `1.1 <https://github.com/django/django/commit/e3e992e18b>`__ September 8, 2010 Loading 
@@ -222,11 +222,11 @@ September 8, 2010 * Django 1.2 * `Full description <https://www.djangoproject.com/weblog/2010/sep/08/security-release/>`_ * `Full description <https://www.djangoproject.com/weblog/2010/sep/08/security-release/>`__ * **Patches:** * `1.2 <https://github.com/django/django/commit/7f84657b6b>`_ * `1.2 <https://github.com/django/django/commit/7f84657b6b>`__ December 22, 2010 Loading @@ -244,17 +244,17 @@ December 22, 2010 * Django 1.2 * `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`__ * **Patches:** * `1.1 CVE-2010-4534 <https://github.com/django/django/commit/17084839fd>`_ * `1.1 CVE-2010-4534 <https://github.com/django/django/commit/17084839fd>`__ * `1.1 CVE-2010-4535 <https://github.com/django/django/commit/7f8dd9cbac>`_ * `1.1 CVE-2010-4535 <https://github.com/django/django/commit/7f8dd9cbac>`__ * `1.2 CVE-2010-4534 <https://github.com/django/django/commit/85207a245b>`_ * `1.2 CVE-2010-4534 <https://github.com/django/django/commit/85207a245b>`__ * `1.2 CVE-2010-4535 <https://github.com/django/django/commit/d5d8942a16>`_ * `1.2 CVE-2010-4535 <https://github.com/django/django/commit/d5d8942a16>`__ February 8, 2011 Loading 
@@ -274,21 +274,21 @@ February 8, 2011 * Django 1.2 * `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__ * **Patches:** * `1.1 CVE-2010-0696 <https://github.com/django/django/commit/408c5c873c>`_ * `1.1 CVE-2010-0696 <https://github.com/django/django/commit/408c5c873c>`__ * `1.1 CVE-2010-0697 <https://github.com/django/django/commit/1966786d2d>`_ * `1.1 CVE-2010-0697 <https://github.com/django/django/commit/1966786d2d>`__ * `1.1 CVE-2010-0698 <https://github.com/django/django/commit/570a32a047>`_ * `1.1 CVE-2010-0698 <https://github.com/django/django/commit/570a32a047>`__ * `1.2 CVE-2010-0696 <https://github.com/django/django/commit/818e70344e>`_ * `1.2 CVE-2010-0696 <https://github.com/django/django/commit/818e70344e>`__ * `1.2 CVE-2010-0697 <https://github.com/django/django/commit/1f814a9547>`_ * `1.2 CVE-2010-0697 <https://github.com/django/django/commit/1f814a9547>`__ * `1.2 CVE-2010-0698 <https://github.com/django/django/commit/194566480b>`_ * `1.2 CVE-2010-0698 <https://github.com/django/django/commit/194566480b>`__ September 9, 2011 Loading 
@@ -314,21 +314,21 @@ September 9, 2011 * Django 1.3 * `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`_ * `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__ * **Patches:** * `1.2 CVE-2011-4136 <https://github.com/django/django/commit/ac7c3a110f>`_ * `1.2 CVE-2011-4136 <https://github.com/django/django/commit/ac7c3a110f>`__ * `1.2 CVE-2011-4137 and CVE-2011-4138 <https://github.com/django/django/commit/7268f8af86>`_ * `1.2 CVE-2011-4137 and CVE-2011-4138 <https://github.com/django/django/commit/7268f8af86>`__ * `1.2 CVE-2011-4139 <https://github.com/django/django/commit/c613af4d64>`_ * `1.2 CVE-2011-4139 <https://github.com/django/django/commit/c613af4d64>`__ * `1.3 CVE-2011-4136 <https://github.com/django/django/commit/fbe2eead2f>`_ * `1.3 CVE-2011-4136 <https://github.com/django/django/commit/fbe2eead2f>`__ * `1.3 CVE-2011-4137 and CVE-2011-4138 <https://github.com/django/django/commit/1a76dbefdf>`_ * `1.3 CVE-2011-4137 and CVE-2011-4138 <https://github.com/django/django/commit/1a76dbefdf>`__ * `1.3 CVE-2011-4139 <https://github.com/django/django/commit/2f7fadc38e>`_ * `1.3 CVE-2011-4139 <https://github.com/django/django/commit/2f7fadc38e>`__ July 30, 2012 Loading 
@@ -348,21 +348,21 @@ July 30, 2012 * Django 1.4 * `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`_ * `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__ * **Patches:** * `1.3 CVE-2012-3442 <https://github.com/django/django/commit/4dea4883e6c50d75f215a6b9bcbd95273f57c72d>`_ * `1.3 CVE-2012-3442 <https://github.com/django/django/commit/4dea4883e6c50d75f215a6b9bcbd95273f57c72d>`__ * `1.3 CVE-2012-3443 <https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446>`_ * `1.3 CVE-2012-3443 <https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446>`__ * `1.3 CVE-2012-3444 <https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155>`_ * `1.3 CVE-2012-3444 <https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155>`__ * `1.4 CVE-2012-3442 <https://github.com/django/django/commit/e34685034b60be1112160e76091e5aee60149fa1>`_ * `1.4 CVE-2012-3442 <https://github.com/django/django/commit/e34685034b60be1112160e76091e5aee60149fa1>`__ * `1.4 CVE-2012-3443 <https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141>`_ * `1.4 CVE-2012-3443 <https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141>`__ * `1.4 CVE-2012-3444 <https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6>`_ * `1.4 CVE-2012-3444 <https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6>`__ October 17, 2012 Loading 
@@ -378,13 +378,13 @@ October 17, 2012 * Django 1.4 * `Full description <https://www.djangoproject.com/weblog/2012/oct/17/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2012/oct/17/security/>`__ * **Patches:** * `1.3 <https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071>`_ * `1.3 <https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071>`__ * `1.4 <https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3>`_ * `1.4 <https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3>`__ December 10, 2012 Loading @@ -402,17 +402,17 @@ December 10, 2012 * Django 1.4 * `Full description <https://www.djangoproject.com/weblog/2012/dec/10/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2012/dec/10/security/>`__ * **Patches:** * `1.3 Host hardening <https://github.com/django/django/commit/2da4ace0bc1bc1d79bf43b368cb857f6f0cd6b1b>`_ * `1.3 Host hardening <https://github.com/django/django/commit/2da4ace0bc1bc1d79bf43b368cb857f6f0cd6b1b>`__ * `1.3 redirect hardening <https://github.com/django/django/commit/1515eb46daa0897ba5ad5f0a2db8969255f1b343>`_ * `1.3 redirect hardening <https://github.com/django/django/commit/1515eb46daa0897ba5ad5f0a2db8969255f1b343>`__ * `1.4 Host hardening <https://github.com/django/django/commit/319627c184e71ae267d6b7f000e293168c7b6e09>`_ * `1.4 Host hardening <https://github.com/django/django/commit/319627c184e71ae267d6b7f000e293168c7b6e09>`__ * `1.4 redirect hardning <https://github.com/django/django/commit/b2ae0a63aeec741f1e51bac9a95a27fd635f9652>`_ * `1.4 redirect hardning <https://github.com/django/django/commit/b2ae0a63aeec741f1e51bac9a95a27fd635f9652>`__ February 19, 2013 Loading 
@@ -434,25 +434,25 @@ February 19, 2013 * Django 1.4 * `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__ * **Patches:** * `1.3 Host hardening <https://github.com/django/django/commit/27cd872e6e36a81d0bb6f5b8765a1705fecfc253>`_ * `1.3 Host hardening <https://github.com/django/django/commit/27cd872e6e36a81d0bb6f5b8765a1705fecfc253>`__ * `1.3 XML attacks <https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112>`_ * `1.3 XML attacks <https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112>`__ * `1.3 CVE-2013-0305 <https://github.com/django/django/commit/d3a45e10c8ac8268899999129daa27652ec0da35>`_ * `1.3 CVE-2013-0305 <https://github.com/django/django/commit/d3a45e10c8ac8268899999129daa27652ec0da35>`__ * `1.3 CVE-2013-0306 <https://github.com/django/django/commit/d7094bbce8cb838f3b40f504f198c098ff1cf727>`_ * `1.3 CVE-2013-0306 <https://github.com/django/django/commit/d7094bbce8cb838f3b40f504f198c098ff1cf727>`__ * `1.4 Host hardening <https://github.com/django/django/commit/9936fdb11d0bbf0bd242f259bfb97bbf849d16f8>`_ * `1.4 Host hardening <https://github.com/django/django/commit/9936fdb11d0bbf0bd242f259bfb97bbf849d16f8>`__ * `1.4 XML attacks <https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40>`_ * `1.4 XML attacks <https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40>`__ * `1.4 CVE-2013-0305 <https://github.com/django/django/commit/0e7861aec73702f7933ce2a93056f7983939f0d6>`_ * `1.4 CVE-2013-0305 <https://github.com/django/django/commit/0e7861aec73702f7933ce2a93056f7983939f0d6>`__ * `1.4 CVE-2013-0306 <https://github.com/django/django/commit/0cc350a896f70ace18280410eb616a9197d862b0>`_ * `1.4 CVE-2013-0306 <https://github.com/django/django/commit/0cc350a896f70ace18280410eb616a9197d862b0>`__ August 13, 2013 Loading 
@@ -470,15 +470,15 @@ August 13, 2013 * Django 1.5 * `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`_ * `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`__ * **Patches:** * `1.4 redirect validation <https://github.com/django/django/commit/ec67af0bd609c412b76eaa4cc89968a2a8e5ad6a>`_ * `1.4 redirect validation <https://github.com/django/django/commit/ec67af0bd609c412b76eaa4cc89968a2a8e5ad6a>`__ * `1.5 URLField trusting <https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78>`_ * `1.5 URLField trusting <https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78>`__ * `1.5 redirect validation <https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9b6e5810c1162b5f>`_ * `1.5 redirect validation <https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9b6e5810c1162b5f>`__ September 10, 2013 Loading @@ -494,13 +494,13 @@ September 10, 2013 * Django 1.5 * `Full description <https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/>`_ * `Full description <https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/>`__ * **Patches:** * `1.4 CVE-2013-4315 <https://github.com/django/django/commit/87d2750b39f6f2d54b7047225521a44dcd37e896>`_ * `1.4 CVE-2013-4315 <https://github.com/django/django/commit/87d2750b39f6f2d54b7047225521a44dcd37e896>`__ * `1.5 CVE-2013-4315 <https://github.com/django/django/commit/988b61c550d798f9a66d17ee0511fb7a9a7f33ca>`_ * `1.5 CVE-2013-4315 <https://github.com/django/django/commit/988b61c550d798f9a66d17ee0511fb7a9a7f33ca>`__ September 14, 2013 Loading 
@@ -516,12 +516,12 @@ September 14, 2013 * Django 1.5 * `Full description <https://www.djangoproject.com/weblog/2013/sep/15/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2013/sep/15/security/>`__ * **Patches:** * `1.4 CVE-2013-1443 <https://github.com/django/django/commit/3f3d887a6844ec2db743fee64c9e53e04d39a368>`_ and `Python compatibility fix <https://github.com/django/django/commit/6903d1690a92aa040adfb0c8eb37cf62e4206714>`_ * `1.4 CVE-2013-1443 <https://github.com/django/django/commit/3f3d887a6844ec2db743fee64c9e53e04d39a368>`__ and `Python compatibility fix <https://github.com/django/django/commit/6903d1690a92aa040adfb0c8eb37cf62e4206714>`__ * `1.5 CVE-2013-1443 <https://github.com/django/django/commit/22b74fa09d7ccbc8c52270d648a0da7f3f0fa2bc>`_ * `1.5 CVE-2013-1443 <https://github.com/django/django/commit/22b74fa09d7ccbc8c52270d648a0da7f3f0fa2bc>`__ Loading
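Review bot: the new role in docs/internals/security.txt, hunk @@ -128,8 +128,8 @@, has no space before the target, reading `archive of security issues disclosed in Django</releases/security>`, while the two :doc: roles added in docs/releases/index.txt are written as `title </target>`. Add the space so the explicit-title form is the same everywhere in the patch.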
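Review bot: the `security` entry in docs/releases/index.txt, hunk @@ -132,6 +132,7 @@, is placed at the top of the toctree that lists 1.5-beta-1, 1.5-alpha-1 and 1.4-beta-1, so the archive page will be rendered in the same list as those release notes. Consider giving it its own toctree under the "Security releases" heading that the previous hunk edits, so readers find the archive next to the paragraph that links to it.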
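Review bot: the named reference `CVE-2007-0404`_ introduced in docs/releases/security.txt, hunk @@ -64,7 +64,7 @@, has no target definition in the visible lines, and every visible change in this file is a one-for-one line replacement (+81 −81). Confirm that a target with exactly that name is defined elsewhere in the file, otherwise the docs build will report an unknown target name; if it is not, use an inline link as the neighbouring CVE-2007-0405 entry does.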
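Review bot: the 0.91 and 0.95 patch links in docs/releases/security.txt, hunk @@ -130,15 +130,15 @@ (May 14, 2008), both point to commit 50ce7fb57d, while 0.96 points to 7791e5c050. Every other multi-branch entry in this file links a distinct commit per branch, so check whether one of the two is a copy-paste slip and correct it while these lines are being touched.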
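Review bot: the patch link texts in docs/releases/security.txt, hunk @@ -274,21 +274,21 @@ (February 8, 2011), carry CVE-2010-0696, CVE-2010-0697 and CVE-2010-0698 on all six lines. Check the year component of these identifiers against the advisory linked as "Full description" and against the issue list above the hunk, and correct them in this pass if they differ.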
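Review bot: the typo "hardning" survives in docs/releases/security.txt, hunk @@ -402,17 +402,17 @@ (December 10, 2012), on the line `1.4 redirect hardning <...>`__ that this change rewrites. The three sibling entries spell it "hardening"; fix the spelling in the same edit.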
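Review bot: the "Full description" link in docs/releases/security.txt, hunk @@ -516,12 +516,12 @@, points to /weblog/2013/sep/15/security/ while the entry is headed September 14, 2013. Every other entry's link path matches its heading date, so confirm which date is correct and align the heading or note the discrepancy.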
@@ -516,12 +516,12 @@ September 14, 2013 * Django 1.5 * `Full description <https://www.djangoproject.com/weblog/2013/sep/15/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2013/sep/15/security/>`__ * **Patches:** * `1.4 CVE-2013-1443 <https://github.com/django/django/commit/3f3d887a6844ec2db743fee64c9e53e04d39a368>`_ and `Python compatibility fix <https://github.com/django/django/commit/6903d1690a92aa040adfb0c8eb37cf62e4206714>`_ * `1.4 CVE-2013-1443 <https://github.com/django/django/commit/3f3d887a6844ec2db743fee64c9e53e04d39a368>`__ and `Python compatibility fix <https://github.com/django/django/commit/6903d1690a92aa040adfb0c8eb37cf62e4206714>`__ * `1.5 CVE-2013-1443 <https://github.com/django/django/commit/22b74fa09d7ccbc8c52270d648a0da7f3f0fa2bc>`_ * `1.5 CVE-2013-1443 <https://github.com/django/django/commit/22b74fa09d7ccbc8c52270d648a0da7f3f0fa2bc>`__
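Review bot: in the July 30, 2012 hunk, and in every hunk after it, the reason for switching each link from a trailing `_` to `__` is not recorded anywhere in the file, so the next archive entry is likely to reintroduce named targets. Link texts such as "Full description" and "1.3 Host hardening" recur across entries with different URLs (the latter in both the December 10, 2012 and February 19, 2013 hunks), and docutils reports duplicate explicit target names for that pattern. Consider adding a short reST comment near the top of docs/releases/security.txt stating that links in this archive must use anonymous `__` references.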
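Review bot: in the December 10, 2012 hunk, the rewritten line for the 1.4 redirect patch still carries the typo "1.4 redirect hardning". Since this line is being touched anyway, change the link text to "1.4 redirect hardening" so that it matches the "1.3 redirect hardening" entry two lines above it.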
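Review bot: in the September 14, 2013 hunk, the "Full description" link points at weblog/2013/sep/15/security/ while the hunk header places it under the "September 14, 2013" entry. Please confirm which date is correct and, if the heading is deliberate (for example a timezone difference between release and post), say so in the entry. The 1.4 bullet in the same hunk also joins two links with "and"; splitting "Python compatibility fix" into its own bullet would keep the one-link-per-bullet layout used in the other patch lists.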