diff --git a/docs/releases/1.4.13.txt b/docs/releases/1.4.13.txt index 978f93580c..14e5af9a0d 100644 --- a/docs/releases/1.4.13.txt +++ b/docs/releases/1.4.13.txt @@ -39,7 +39,7 @@ Django relies on user input in some cases (e.g. :func:`django.contrib.auth.views.login`, ``django.contrib.comments``, and :doc:`i18n `) to redirect the user to an "on success" URL. The security checks for these redirects (namely -``django.util.http.is_safe_url()``) did not correctly validate some malformed +``django.utils.http.is_safe_url()``) did not correctly validate some malformed URLs, such as `http:\\\\\\djangoproject.com`, which are accepted by some browsers with more liberal URL parsing. diff --git a/docs/releases/1.4.18.txt b/docs/releases/1.4.18.txt index b154d872fa..418808d6cc 100644 --- a/docs/releases/1.4.18.txt +++ b/docs/releases/1.4.18.txt @@ -37,7 +37,7 @@ Mitigated possible XSS attack via user-supplied redirect URLs Django relies on user input in some cases (e.g. :func:`django.contrib.auth.views.login` and :doc:`i18n `) to redirect the user to an "on success" URL. The security checks for these -redirects (namely ``django.util.http.is_safe_url()``) didn't strip leading +redirects (namely ``django.utils.http.is_safe_url()``) didn't strip leading whitespace on the tested URL and as such considered URLs like ``\njavascript:...`` safe. If a developer relied on ``is_safe_url()`` to provide safe redirect targets and put such a URL into a link, they could suffer diff --git a/docs/releases/1.4.6.txt b/docs/releases/1.4.6.txt index e6ed040c42..9aaecb5241 100644 --- a/docs/releases/1.4.6.txt +++ b/docs/releases/1.4.6.txt 
@@ -16,7 +16,7 @@ Django relies on user input in some cases (e.g. :func:`django.contrib.auth.views.login`, ``django.contrib.comments``, and :doc:`i18n `) to redirect the user to an "on success" URL. The security checks for these redirects (namely -``django.util.http.is_safe_url()``) didn't check if the scheme is ``http(s)`` +``django.utils.http.is_safe_url()``) didn't check if the scheme is ``http(s)`` and as such allowed ``javascript:...`` URLs to be entered. If a developer relied on ``is_safe_url()`` to provide safe redirect targets and put such a URL into a link, they could suffer from a XSS attack. This bug doesn't affect diff --git a/docs/releases/1.5.2.txt b/docs/releases/1.5.2.txt index 01147951b7..1e6a448948 100644 --- a/docs/releases/1.5.2.txt +++ b/docs/releases/1.5.2.txt @@ -13,7 +13,7 @@ Django relies on user input in some cases (e.g. :func:`django.contrib.auth.views.login`, ``django.contrib.comments``, and :doc:`i18n `) to redirect the user to an "on success" URL. The security checks for these redirects (namely -``django.util.http.is_safe_url()``) didn't check if the scheme is ``http(s)`` +``django.utils.http.is_safe_url()``) didn't check if the scheme is ``http(s)`` and as such allowed ``javascript:...`` URLs to be entered. If a developer relied on ``is_safe_url()`` to provide safe redirect targets and put such a URL into a link, they could suffer from a XSS attack. This bug doesn't affect diff --git a/docs/releases/1.5.8.txt b/docs/releases/1.5.8.txt index 16d3db65cd..93ad815cec 100644 --- a/docs/releases/1.5.8.txt +++ b/docs/releases/1.5.8.txt 
@@ -39,7 +39,7 @@ Django relies on user input in some cases (e.g. :func:`django.contrib.auth.views.login`, ``django.contrib.comments``, and :doc:`i18n `) to redirect the user to an "on success" URL. The security checks for these redirects (namely -``django.util.http.is_safe_url()``) did not correctly validate some malformed +``django.utils.http.is_safe_url()``) did not correctly validate some malformed URLs, such as `http:\\\\\\djangoproject.com`, which are accepted by some browsers with more liberal URL parsing. diff --git a/docs/releases/1.6.10.txt b/docs/releases/1.6.10.txt index a559bfc3cd..e99a8256a7 100644 --- a/docs/releases/1.6.10.txt +++ b/docs/releases/1.6.10.txt @@ -36,7 +36,7 @@ Mitigated possible XSS attack via user-supplied redirect URLs Django relies on user input in some cases (e.g. :func:`django.contrib.auth.views.login` and :doc:`i18n `) to redirect the user to an "on success" URL. The security checks for these -redirects (namely ``django.util.http.is_safe_url()``) didn't strip leading +redirects (namely ``django.utils.http.is_safe_url()``) didn't strip leading whitespace on the tested URL and as such considered URLs like ``\njavascript:...`` safe. If a developer relied on ``is_safe_url()`` to provide safe redirect targets and put such a URL into a link, they could suffer diff --git a/docs/releases/1.6.5.txt b/docs/releases/1.6.5.txt index 4aa727e8c8..cacb522af8 100644 --- a/docs/releases/1.6.5.txt +++ b/docs/releases/1.6.5.txt @@ -39,7 +39,7 @@ Django relies on user input in some cases (e.g. :func:`django.contrib.auth.views.login`, ``django.contrib.comments``, and :doc:`i18n `) to redirect the user to an "on success" URL. The security checks for these redirects (namely -``django.util.http.is_safe_url()``) did not correctly validate some malformed +``django.utils.http.is_safe_url()``) did not correctly validate some malformed URLs, such as `http:\\\\\\djangoproject.com`, which are accepted by some browsers with more liberal URL parsing. 
diff --git a/docs/releases/1.7.3.txt b/docs/releases/1.7.3.txt index 46785bf4a6..2f3c9c7f49 100644 --- a/docs/releases/1.7.3.txt +++ b/docs/releases/1.7.3.txt @@ -36,7 +36,7 @@ Mitigated possible XSS attack via user-supplied redirect URLs Django relies on user input in some cases (e.g. :func:`django.contrib.auth.views.login` and :doc:`i18n `) to redirect the user to an "on success" URL. The security checks for these -redirects (namely ``django.util.http.is_safe_url()``) didn't strip leading +redirects (namely ``django.utils.http.is_safe_url()``) didn't strip leading whitespace on the tested URL and as such considered URLs like ``\njavascript:...`` safe. If a developer relied on ``is_safe_url()`` to provide safe redirect targets and put such a URL into a link, they could suffer
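Review bot: the 1.4.6 and 1.5.2 hunks leave the unchanged context line "into a link, they could suffer from a XSS attack." untouched; since this commit is already correcting that exact paragraph, the article could be fixed to "an XSS attack" in the same pass rather than in a follow-up.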
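Review bot: in the 1.4.13, 1.5.8 and 1.6.5 hunks the example URL `http:\\\\\\djangoproject.com` in the unchanged context sits in single backticks, while the corrected function name on the `+` line uses double backticks. In reStructuredText single backticks are interpreted text in the default role, where backslash escapes are processed, whereas an inline literal (``...``) preserves every character, so the two forms render a different number of backslashes. Because the sentence is about the exact malformed URL that slipped past the check, consider changing it to an inline literal, or at least confirming that the currently rendered form is the one intended.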
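Review bot: since the wrong path ``django.util.http`` appears verbatim across eight release-note files (1.4.6, 1.4.13, 1.4.18, 1.5.2, 1.5.8, 1.6.5, 1.6.10 and 1.7.3), a `git grep 'django.util.http'` over docs/ is worth running before merging to confirm no further copies were missed; the fix itself is docs-only with no code or behaviour impact.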