Branch: refs/heads/stable/1.6.x
Home:   https://github.com/django/django

Commit: 4352a50871e239ebcdf64eee6f0b88e714015c1b
        https://github.com/django/django/commit/4352a50871e239ebcdf64eee6f0b88e714015c1b
Author: Tim Graham <timogra...@gmail.com>
Date:   2014-04-21 (Mon, 21 Apr 2014)

Changed paths:
  M django/core/urlresolvers.py
  A tests/urlpatterns_reverse/nonimported_module.py
  M tests/urlpatterns_reverse/tests.py
  M tests/urlpatterns_reverse/urls.py
  M tests/urlpatterns_reverse/views.py

Log Message:
-----------
[1.6.x] Fixed a remote code execution vulnerability in URL reversing.

Thanks Benjamin Bach for the report and initial patch.

This is a security fix; disclosure to follow shortly.

Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master


Commit: d63e20942f3024f24cb8cd85a49461ba8a9b6736
        https://github.com/django/django/commit/d63e20942f3024f24cb8cd85a49461ba8a9b6736
Author: Aymeric Augustin <aymeric.augus...@m4x.org>
Date:   2014-04-21 (Mon, 21 Apr 2014)

Changed paths:
  M django/middleware/cache.py
  M tests/cache/tests.py

Log Message:
-----------
[1.6.x] Prevented leaking the CSRF token through caching.

This is a security fix. Disclosure will follow shortly.

Backport of c083e3815aec23b99833da710eea574e6f2e8566 from master


Commit: 5f0829a27e85d89ad8c433f5c6a7a7d17c9e9292
        https://github.com/django/django/commit/5f0829a27e85d89ad8c433f5c6a7a7d17c9e9292
Author: Erik Romijn <erom...@solidlinks.nl>
Date:   2014-04-21 (Mon, 21 Apr 2014)

Changed paths:
  M django/db/models/fields/__init__.py
  M docs/howto/custom-model-fields.txt
  M docs/ref/databases.txt
  M docs/ref/models/querysets.txt
  M docs/topics/db/sql.txt
  M tests/model_fields/tests.py

Log Message:
-----------
[1.6.x] Fixed queries that may return unexpected results on MySQL due to typecasting.

This is a security fix. Disclosure will follow shortly.
Backport of 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307 from master


Commit: d63bfb14dd1a35672fff18cd41f386330e109f8e
        https://github.com/django/django/commit/d63bfb14dd1a35672fff18cd41f386330e109f8e
Author: Erik Romijn <erom...@solidlinks.nl>
Date:   2014-04-21 (Mon, 21 Apr 2014)

Changed paths:
  M docs/releases/1.4.11.txt
  M docs/releases/1.5.6.txt
  M docs/releases/1.6.3.txt

Log Message:
-----------
[1.6.x] Added information on resolved security issues to release notes.

Backport of c07f3e60c2d455e36ba4ac339d4283d32bbc3814 from master


Compare: https://github.com/django/django/compare/25adac9b42e6...d63bfb14dd1a