mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-12 18:30:48 +00:00
Code Issues 32 Releases Wiki Activity

[5.2.x] Refs #35612 -- Extended docs on how the security team evaluates reports.

Browse Source 
Co-authored-by: Shai Berger <shai@platonix.com>

Backport of f609a2da868b2320ecdc0551df3cca360d5b5bc3 from main.
This commit is contained in:
nessita 2025-02-04 08:54:01 -03:00 committed by Natalia
parent 209d0f6143
commit d6a44efa49
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/internals/security.txt
View File

@ -49,8 +49,14 @@ requires a security release:
* The vulnerability is within a :ref:`supported version <security-support>` of * The vulnerability is within a :ref:`supported version <security-support>` of
Django. Django.
* The vulnerability applies to a production-grade Django application. This means * The vulnerability does not depend on manual actions that rely on code
the following do not require a security release: external to Django. This includes actions performed by a project's developer
or maintainer using developer tools or the Django CLI. For example, attacks
that require running management commands with uncommon or insecure options
do not qualify.
* The vulnerability applies to a production-grade Django application. This
means the following scenarios do not require a security release:
* Exploits that only affect local development, for example when using * Exploits that only affect local development, for example when using
:djadmin:`runserver`. :djadmin:`runserver`.