mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00
Commit Graph

35 Commits

Author SHA1 Message Date
David Smith
f81e6e3a53 Refs #36485 -- Rewrapped docs to 79 columns line length.
Lines in the docs files were manually adjusted to conform to the
79 columns limit per line (plus newline), improving readability and
consistency across the content.
2025-08-25 10:51:10 -03:00
Jake Howard
bc1bfe12b6 Clarified that only latest dependency versions are valid for security reports. 2025-06-18 11:04:34 -03:00
nessita
0f60102444 Added guidance on AI-assisted security reports to docs/internals/security.txt.
Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: Mike Edmunds <medmunds@gmail.com>
2025-06-17 11:45:03 -03:00
Sarah Boyce
582ba18d56 Added security guideline on reasonable size limitations when rendering content via the DTL.
This also removes the need to add warnings for every Django template filter.
2025-02-24 08:51:08 +01:00
Sarah Boyce
5935336059 Added security reporting guidelines. 2025-02-24 08:51:08 +01:00
Sarah Boyce
cecb76a942 Updated expectations for when security reports will receive a reply. 2025-02-24 08:51:08 +01:00
nessita
f609a2da86 Refs #35612 -- Extended docs on how the security team evaluates reports.
Co-authored-by: Shai Berger <shai@platonix.com>
2025-02-04 08:54:01 -03:00
Sarah Boyce
9423f8b476 Fixed #35612 -- Added documentation on how the security team evaluates reports.
Co-authored-by: Joshua Olatunji <joshua+github@etentlabs.com>
2024-10-11 10:53:11 +02:00
shivaramkumar
a47de0d6cd Changed severity levels to list in security policy docs. 2024-02-05 05:36:32 +01:00
Tim Graham
2c4dc64760 Used extlinks for PyPI links.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2023-04-17 06:55:32 +02:00
Markus Holtermann
d9a266d657 Updated Git branch "master" to "main".
This change follows a long discussion on django-developers:

https://groups.google.com/g/django-developers/c/tctDuKUGosc/
2021-03-09 08:48:32 +01:00
Michael Manfre
0e893248b2 Added notes related to security pre-notification list requests. 2020-05-21 10:30:14 +02:00
Tobias Kunze
4a954cfd11 Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty.
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:

- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous

Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
2019-09-06 13:27:46 +02:00
François Freitag
9b15ff08ba Used auto-numbered lists in documentation. 2018-11-15 13:54:28 -05:00
Brett Cannon
64b74804c5 Fixed #29334 -- Updated pypi.python.org URLs to pypi.org. 2018-04-17 20:24:27 -04:00
Tim Graham
e1cf2a607e Added "Denial-of-service attacks" to the security issue severity classification. 2018-03-12 11:00:47 -04:00
Florian Apolloner
bf0dff4bed Typo fix. 2017-03-13 22:01:42 +01:00
Tim Graham
3d14cbc867 Removed docs/internals/roles.txt.
It's moved to https://www.djangoproject.com/foundation/teams/.
2017-02-15 09:31:41 +01:00
Tim Graham
af98a0a25e Updated security policy according to current practices.
Also added security release date notifications to django-announce.
2016-10-15 07:53:08 -04:00
Elif T. Kus
bca9faae95 Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
Tim Graham
aed437d567 Updated release process for new release schedule. 2015-06-25 11:36:17 -04:00
Tim Graham
46ce72e8d2 Added oss-security@lists.openwall.com to security release announcements. 2015-05-25 08:31:51 -04:00
Tim Graham
016d8cfbe2 Removed obsolete distros@vs.openwall.org security notification. 2015-05-21 19:22:58 -04:00
Aymeric Augustin
a4ead67ee9 Adjusted 'internals' docs to the new organization.
Most of these changes are about using the correct vocabulary -- "core
team member" vs "core developer/committer" and adding internal links.
2014-08-01 14:41:25 +02:00
James Bennett
c83583fb34 Correctly remove extraneous text about keys from previous edit. 2014-07-27 13:49:53 +02:00
James Bennett
fe87f8d670 Update from key ID in security.txt to authorized release keys list. 2014-07-27 13:48:59 +02:00
Tim Graham
7f2505ad9e Fixed doc typos. 2014-02-28 11:44:03 -05:00
James Turley
4d8209431d Fixed #21824 -- Added reference to LTS in docs/internals/security.txt 2014-01-24 08:13:17 -05:00
Claude Paroz
626bdf648a Updated a bunch of hyperlinks in documentation 2013-12-08 18:40:09 +01:00
Unai Zalakain
3895d8899d Fixed #21213 -- Added docs for Django's mailing lists.
Added docs/internals/mailing-lists.txt documenting the use of django's
mailing lists. All references across docs changed to point to this page.

The referencing makes use of substitution because there's no way to make
a :ref: link in a non-inline fashion in Sphinx. It also makes use of
rst_epilog Sphinx conf for making these substitutions across all the
docs.
2013-10-04 10:00:36 -04:00
Russell Keith-Magee
8e134c27c9 Corrected markup problems in new security summary page. 2013-09-19 13:57:02 +08:00
James Bennett
a2e25e8a83 Fix #21121: Add archive of security issues. 2013-09-18 23:13:04 -05:00
Tim Graham
5737c57d95 Fixed #20868 -- Added an email to django-announce as a security step.
Thanks garrison for the report.
2013-08-09 16:02:05 -04:00
Loic Bistuer
aff0aa3af8 Rephrased the docs for reporting security issues to make it less intimidating. 2013-07-16 17:17:08 +07:00
James Bennett
1ef1bceb3b Add new security-policy documentation.
This formally describes our policies on reporting, notification and
disclosure of security issues, and provides a detailed explanation of
our full security-response process, for reference purposes.
2012-08-07 16:06:34 -04:00