Branch: refs/heads/stable/1.7.x Home: https://github.com/django/django Commit: 546740544d7f69254a67b06a3fc7fa0c43512958 https://github.com/django/django/commit/546740544d7f69254a67b06a3fc7fa0c43512958 Author: Tim Graham <timogra...@gmail.com> Date: 2014-04-21 (Mon, 21 Apr 2014)
Changed paths: M django/core/urlresolvers.py A tests/urlpatterns_reverse/nonimported_module.py M tests/urlpatterns_reverse/tests.py M tests/urlpatterns_reverse/urls.py M tests/urlpatterns_reverse/views.py Log Message: ----------- [1.7.x] Fixed a remote code execution vulnerabilty in URL reversing. Thanks Benjamin Bach for the report and initial patch. This is a security fix; disclosure to follow shortly. Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master Commit: 380545bf85cbf17fc698d136815b7691f8d023ca https://github.com/django/django/commit/380545bf85cbf17fc698d136815b7691f8d023ca Author: Aymeric Augustin <aymeric.augus...@m4x.org> Date: 2014-04-21 (Mon, 21 Apr 2014) Changed paths: M django/middleware/cache.py M tests/cache/tests.py Log Message: ----------- [1.7.x] Prevented leaking the CSRF token through caching. This is a security fix. Disclosure will follow shortly. Backport of c083e3815aec23b99833da710eea574e6f2e8566 from master Commit: 34526c2f56b863c2103655a0893ac801667e86ea https://github.com/django/django/commit/34526c2f56b863c2103655a0893ac801667e86ea Author: Erik Romijn <erom...@solidlinks.nl> Date: 2014-04-21 (Mon, 21 Apr 2014) Changed paths: M django/db/models/fields/__init__.py M docs/howto/custom-model-fields.txt M docs/ref/databases.txt M docs/ref/models/querysets.txt M docs/topics/db/sql.txt M tests/model_fields/tests.py Log Message: ----------- [1.7.x] Fixed queries that may return unexpected results on MySQL due to typecasting. This is a security fix. Disclosure will follow shortly. Backport of 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307 from master Commit: 5577fd673e071fbfb0d140ea66b31983956ab174 https://github.com/django/django/commit/5577fd673e071fbfb0d140ea66b31983956ab174 Author: Erik Romijn <erom...@solidlinks.nl> Date: 2014-04-21 (Mon, 21 Apr 2014) Changed paths: M docs/releases/1.4.11.txt M docs/releases/1.5.6.txt M docs/releases/1.6.3.txt Log Message: ----------- [1.7.x] Added information on resolved security issues to release notes. Backport of c07f3e60c2d455e36ba4ac339d4283d32bbc3814 from master Compare: https://github.com/django/django/compare/0bd913a19cf0...5577fd673e07 -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/53559cad772a5_78741095d34121881%40hookshot-fe2-cp1-prd.iad.github.net.mail. For more options, visit https://groups.google.com/d/optout.