Branch: refs/heads/stable/1.4.x
Home: https://github.com/django/django

Commit: 9936fdb11d0bbf0bd242f259bfb97bbf849d16f8
    https://github.com/django/django/commit/9936fdb11d0bbf0bd242f259bfb97bbf849d16f8
Author: Carl Meyer <c...@oddbird.net>
Date: 2013-02-19 (Tue, 19 Feb 2013)

Changed paths:
    M django/conf/global_settings.py
    M django/conf/project_template/project_name/settings.py
    M django/contrib/auth/tests/views.py
    M django/contrib/contenttypes/tests.py
    M django/contrib/sites/tests.py
    M django/http/__init__.py
    M django/test/utils.py
    M docs/ref/settings.txt
    A docs/releases/1.4.4.txt
    M docs/releases/index.txt
    M docs/topics/security.txt
    M tests/regressiontests/csrf_tests/tests.py
    M tests/regressiontests/requests/tests.py

Log Message:
-----------
[1.4.x] Added ALLOWED_HOSTS setting for HTTP host header validation.

This is a security fix; disclosure and advisory coming shortly.

Commit: 1c60d07ba23e0350351c278ad28d0bd5aa410b40
    https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40
Author: Carl Meyer <c...@oddbird.net>
Date: 2013-02-19 (Tue, 19 Feb 2013)

Changed paths:
    M django/core/serializers/xml_serializer.py
    M tests/regressiontests/serializers_regress/tests.py

Log Message:
-----------
[1.4.x] Restrict the XML deserializer to prevent network and entity-expansion DoS attacks.

This is a security fix. Disclosure and advisory coming shortly.

Commit: 0e7861aec73702f7933ce2a93056f7983939f0d6
    https://github.com/django/django/commit/0e7861aec73702f7933ce2a93056f7983939f0d6
Author: Carl Meyer <c...@oddbird.net>
Date: 2013-02-19 (Tue, 19 Feb 2013)

Changed paths:
    M django/contrib/admin/options.py
    M tests/regressiontests/admin_views/tests.py

Log Message:
-----------
[1.4.x] Checked object permissions on admin history view.

This is a security fix. Disclosure and advisory coming shortly.

Patch by Russell Keith-Magee.

Commit: 0cc350a896f70ace18280410eb616a9197d862b0
    https://github.com/django/django/commit/0cc350a896f70ace18280410eb616a9197d862b0
Author: Aymeric Augustin <aymeric.augus...@m4x.org>
Date: 2013-02-19 (Tue, 19 Feb 2013)

Changed paths:
    M django/forms/formsets.py
    M docs/topics/forms/formsets.txt
    M docs/topics/forms/modelforms.txt
    M tests/regressiontests/forms/tests/formsets.py
    M tests/regressiontests/generic_inline_admin/tests.py

Log Message:
-----------
[1.4.x] Added a default limit to the maximum number of forms in a formset.

This is a security fix. Disclosure and advisory coming shortly.

Commit: 62d5338bf208aea3e10b020d0cf65bd93dcc253f
    https://github.com/django/django/commit/62d5338bf208aea3e10b020d0cf65bd93dcc253f
Author: Carl Meyer <c...@oddbird.net>
Date: 2013-02-19 (Tue, 19 Feb 2013)

Changed paths:
    M docs/releases/1.4.4.txt

Log Message:
-----------
[1.4.x] Update 1.4.4 release notes for all security fixes.

Compare: https://github.com/django/django/compare/57b62a74cb44...62d5338bf208