#15821: Django 1.3 release notes links to wrong "security issues" page ---------------------------+------------------------------ Reporter: semenov | Owner: nobody Type: Uncategorized | Status: new Milestone: | Component: Uncategorized Version: 1.2 | Severity: Normal Keywords: | Triage Stage: Unreviewed Has patch: 0 | ---------------------------+------------------------------ In [[http://docs.djangoproject.com/en/dev/releases/1.3/#backwards- incompatible-changes-1-3|Django 1.3 release notes]], it says: "Prior to Django 1.2.5, the Django administrative interface allowed filtering on any model field or relation -- not just those specified in list_filter -- via query string manipulation. Due to [[http://www.djangoproject.com/weblog/2011/feb/08/security/|security issues]] reported to us, however, query string lookup arguments in the admin must be for fields or relations specified in list_filter or date_hierarchy."
However, the linked "security issues" page doesn't mention anything about the admin area and list_filter. The link should either be fixed, or removed. -- Ticket URL: <http://code.djangoproject.com/ticket/15821> Django <http://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.