Member "Django-1.11.25/docs/releases/1.10.8.txt" (1 Oct 2019, 668 Bytes) of package /linux/www/Django-1.11.25.tar.gz:


===========================
Django 1.10.8 release notes
===========================

*September 5, 2017*

Django 1.10.8 fixes a security issue in 1.10.7.

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page
=============================================================================

In older versions, HTML autoescaping was disabled in a portion of the template
for the technical 500 debug page. Given the right circumstances, this allowed
a cross-site scripting attack. This vulnerability shouldn't affect most
production sites since you shouldn't run with ``DEBUG = True`` (which makes
this page accessible) in your production settings.
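
An added example, not part of the Django release notes or Django's own code: a standard-library audit that combines the two conditions named above, a 1.10.x version older than 1.10.8 and a settings module that turns ``DEBUG`` on. The function names and the sample settings strings are assumptions constructed for illustration.

```python
import ast

FIXED = (1, 10, 8)  # release named by this note as carrying the fix

def debug_setting(settings_source):
    """Classify module-level DEBUG: "on", "off", "dynamic" (computed at
    runtime, review by hand) or "unset" (Django then defaults to False)."""
    state = "unset"
    for node in ast.parse(settings_source).body:
        if not isinstance(node, ast.Assign):
            continue
        if not any(isinstance(t, ast.Name) and t.id == "DEBUG" for t in node.targets):
            continue
        # A later assignment overrides an earlier one, as on import.
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, (bool, int)):
            state = "on" if value.value else "off"
        else:
            state = "dynamic"
    return state

def needs_upgrade(version):
    """True/False for a numeric 1.10.x version string; None for any other
    series, which this release note does not cover."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))
    if parts[:2] != FIXED[:2]:
        return None
    return parts < FIXED

def assess(version, settings_source):
    """One verdict per deployment from its version and settings source."""
    vulnerable, debug = needs_upgrade(version), debug_setting(settings_source)
    if vulnerable is None:
        return "not covered by the 1.10.8 note"
    if not vulnerable:
        return "fixed"
    if debug == "on":
        return "upgrade: debug page reachable"
    if debug == "dynamic":
        return "upgrade: confirm DEBUG is off at runtime"
    return "upgrade: debug page not served"

# Constructed sample settings files, not taken from any real project.
SAMPLE_DEV = "DEBUG = True\nALLOWED_HOSTS = []\n"
SAMPLE_ENV = "import os\nDEBUG = os.environ.get('DJANGO_DEBUG') == '1'\n"
SAMPLE_PROD = "DEBUG = True\nDEBUG = False\n"
```

A ``dynamic`` result means the value depends on the runtime environment, so the static check cannot decide and the deployed configuration has to be inspected directly.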