mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity
21,523 Commits 30 Branches 460 Tags
c049c43e28a3e46eaed13bb8e018b221250a0145
Commit Graph

28 Commits

Author SHA1 Message Date
David Sanders
cc968b9c90 Added links to new security settings introduced in 1.8. 2015-09-04 12:55:32 -04:00
Claude Paroz
e9c5c39631 Updated various links in docs 2015-08-08 13:57:15 +02:00
Claude Paroz
64982cc2fb Updated Wikipedia links to use https 2015-08-08 12:02:32 +02:00
Tim Graham
97fa7fe961 Fixed #25212 -- Documented the RawSQL expression. 2015-08-05 07:54:54 -04:00
Carl Meyer
d16bc7f0e4 Fixed #23561 -- Corrected a security doc example that requires an unquoted HTML attribute. 
Thanks "djbug" for the report.
 2014-09-26 11:07:55 -06:00
Tim Graham
9432f1e750 Fixed some doc errors that caused syntax highlighting to fail. 2014-08-18 20:37:47 -04:00
Tim Graham
f65eb15ac6 Fixed #22504 -- Corrected domain terminology in security guide. 
Thanks chris at chrullrich.net.
 2014-04-25 10:27:13 -04:00
Moayad Mardini
3776926cfe Fixed #22493 - Added warnings to raw() and extra() docs about SQL injection 
Thanks Erik Romijn for the suggestion.
 2014-04-25 09:54:49 -04:00
Tim Graham
4965a77407 Removed PIL compatability layer per deprecation timeline. 
refs #19934.
 2014-03-21 10:54:53 -04:00
Tim Graham
df6760f12c Added a warning regarding risks in serving user uploaded media. 
Thanks Preston Holmes for the draft text.
 2013-11-27 16:35:25 -05:00
Tim Graham
a3372f67cb Added a warning regarding session security and subdomains. 2013-10-18 09:42:45 -04:00
Aymeric Augustin
1267d2d9bc Fixed #20330 -- Normalized spelling of "web server". 
Thanks Baptiste Mispelon for the report.
 2013-04-29 19:40:43 +02:00
Carl Meyer
d51fb74360 Added a new required ALLOWED_HOSTS setting for HTTP host header validation. 
This is a security fix; disclosure and advisory coming shortly.
 2013-02-19 11:23:29 -07:00
Aymeric Augustin
ebd2598596 Removed django.contrib.markup. 2012-12-29 21:59:07 +01:00
Tim Graham
b3a8c9dab8 Fixed broken links, round 3. refs #19516 2012-12-26 19:07:22 -05:00
Florian Apolloner
27560924ec Fixed a security issue in get_host. 
Full disclosure and new release forthcoming.
 2012-12-10 22:11:40 +01:00
David Fischer
58786897a1 Formatting fix for host headers section 2012-09-06 16:10:08 -04:00
David Fischer
c65100248d Added CSRF with HTTPS/HSTS and forwarding note 2012-09-06 16:08:14 -04:00
David Fischer
ba141e6906 Added note about Strict Transport Security (HSTS) 2012-09-06 15:13:31 -04:00
Luke Plant
0199bdc0b4 Rewrote security.txt SSL docs, noting SECURE_PROXY_SSL_HEADER. 2012-06-04 21:41:05 +01:00
Luke Plant
718f149bb2 Added more explicit warnings about unconfigured reStructured Text usage in docs. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17915 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2012-04-19 15:00:55 +00:00
Adrian Holovaty
d3055b3382 Quick edit of docs/topics/security.txt to catch some basic formatting problems and reword an awkward section 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17222 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-12-17 02:48:27 +00:00
Russell Keith-Magee
893cea211a Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-09-10 00:46:38 +00:00
Jannis Leidel
f0280f2e94 Fixes #16482 -- Fixes typo in security docs. Thanks, charettes. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16560 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-07-29 09:39:55 +00:00
Luke Plant
9896b0df73 Grammar fixes and content tweaks to XSS section of security docs. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-07-17 14:17:26 +00:00
Luke Plant
f5c9c2246e Improved warning about file uploads in docs, and added link from security overview page 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16521 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-07-06 23:44:54 +00:00
Jannis Leidel
3ee076b135 Fixed #16248 -- Corrected a few typos in the security docs. Thanks, buddelkiste. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16397 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-06-14 10:34:52 +00:00
Luke Plant
528157ce73 Fixed #14201 - Add a "security overview" page to the docs 
Thanks to davidfischer for the initial patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-06-10 15:14:36 +00:00