Corrected markup problems in new security summary page.

Russell Keith-Magee 2013-09-19 13:57:02 +08:00
parent 8b3bae9466
commit 8e134c27c9
4 changed files with 89 additions and 87 deletions

@ -215,6 +215,7 @@ Security is a topic of paramount importance in the development of Web
applications and Django provides multiple protection tools and mechanisms: applications and Django provides multiple protection tools and mechanisms:
* :doc:`Security overview <topics/security>` * :doc:`Security overview <topics/security>`
* :doc:`Disclosed security issues in Django <releases/security>`
* :doc:`Clickjacking protection <ref/clickjacking>` * :doc:`Clickjacking protection <ref/clickjacking>`
* :doc:`Cross Site Request Forgery protection <ref/contrib/csrf>` * :doc:`Cross Site Request Forgery protection <ref/contrib/csrf>`
* :doc:`Cryptographic signing <topics/signing>` * :doc:`Cryptographic signing <topics/signing>`

@ -128,8 +128,8 @@ may privately contact and discuss those issues with the appropriate
maintainers, and coordinate our own disclosure and resolution with maintainers, and coordinate our own disclosure and resolution with
theirs. theirs.
The Django team also maintains an :ref:`archive of security issues The Django team also maintains an :doc:`archive of security issues
disclosed in Django <security-releases>`. disclosed in Django</releases/security>`.
.. _security-notifications: .. _security-notifications:
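Review bot: The new target on the second changed line is glued to the link text: it reads "disclosed in Django</releases/security>", with no whitespace before the "<". Every other :doc: reference touched in this commit separates the title from the target with a space or a line break, so add a space here ("disclosed in Django </releases/security>") to keep the explicit-title form consistent across the docs.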

@ -115,12 +115,12 @@ Pre-1.0 releases
Security releases Security releases
================= =================
Whenever a security issue is disclosed via :ref:`Django's security Whenever a security issue is disclosed via :doc:`Django's security
policies <internals-security>`, appropriate release notes are now policies </internals/security>`, appropriate release notes are now
added to all affected release series. added to all affected release series.
Additionally, :ref:`an archive of disclosed security issues Additionally, :doc:`an archive of disclosed security issues
<security-releases>` is maintained. </releases/security>` is maintained.
Development releases Development releases
==================== ====================
@ -132,6 +132,7 @@ notes.
.. toctree:: .. toctree::
:maxdepth: 1 :maxdepth: 1
security
1.5-beta-1 1.5-beta-1
1.5-alpha-1 1.5-alpha-1
1.4-beta-1 1.4-beta-1
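Review bot: The added "security" entry lands in the toctree that lists 1.5-beta-1, 1.5-alpha-1 and 1.4-beta-1, which appears to sit under the "Development releases" heading shown in the preceding hunk, so the security archive will be listed among the pre-release notes. Consider giving it its own toctree directly under the "Security releases" section, next to the paragraph that links to it.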

@ -6,7 +6,7 @@ Archive of security issues
Django's development team is strongly committed to responsible Django's development team is strongly committed to responsible
reporting and disclosure of security-related issues, as outlined in reporting and disclosure of security-related issues, as outlined in
:ref:`Django's security policies <internals-security>`. :doc:`Django's security policies </internals/security>`.
As part of that commitment, we maintain the following historical list As part of that commitment, we maintain the following historical list
of issues which have been fixed and disclosed. For each issue, the of issues which have been fixed and disclosed. For each issue, the
@ -54,9 +54,9 @@ August 16, 2006
* Django 0.91 * Django 0.91
* `Full description <https://www.djangoproject.com/weblog/2006/aug/16/compilemessages/>`_ * `Full description <https://www.djangoproject.com/weblog/2006/aug/16/compilemessages/>`__
* Patch: `unified 0.90/0.91 <https://github.com/django/django/commit/518d406e53>`_ * Patch: `unified 0.90/0.91 <https://github.com/django/django/commit/518d406e53>`__
January 21, 2007 January 21, 2007
@ -64,7 +64,7 @@ January 21, 2007
* **Issues:** * **Issues:**
* Patch CVE-2007-0404 for Django 0.95 * Patch `CVE-2007-0404`_ for Django 0.95
* Apparent "caching" of authenticated user: `CVE-2007-0405 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0405&cid=3>`_ * Apparent "caching" of authenticated user: `CVE-2007-0405 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0405&cid=3>`_
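Review bot: The new `CVE-2007-0404`_ on the first list item is a named hyperlink reference, so it only resolves if a matching target is defined elsewhere in the file, and no such definition is visible in this diff. Either confirm the target exists or give the link an inline URL, as the CVE-2007-0405 item directly below it does.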
@ -72,13 +72,13 @@ January 21, 2007
* Django 0.95 * Django 0.95
* `Full description <https://www.djangoproject.com/weblog/2007/jan/21/0951/>`_ * `Full description <https://www.djangoproject.com/weblog/2007/jan/21/0951/>`__
* **Patches:** * **Patches:**
* `2006-08-26 issue <https://github.com/django/django/commit/a132d411c6>`_ * `2006-08-26 issue <https://github.com/django/django/commit/a132d411c6>`__
* `User caching issue <https://github.com/django/django/commit/e89f0a6558>`_ * `User caching issue <https://github.com/django/django/commit/e89f0a6558>`__
@ -104,15 +104,15 @@ October 26, 2007
* Django 0.96 * Django 0.96
* `Full description <https://www.djangoproject.com/weblog/2007/oct/26/security-fix/>`_ * `Full description <https://www.djangoproject.com/weblog/2007/oct/26/security-fix/>`__
* **Patches:** * **Patches:**
* `0.91 <https://github.com/django/django/commit/8bc36e726c9e8c75c681d3ad232df8e882aaac81>`_ * `0.91 <https://github.com/django/django/commit/8bc36e726c9e8c75c681d3ad232df8e882aaac81>`__
* `0.95 <https://github.com/django/django/commit/412ed22502e11c50dbfee854627594f0e7e2c234>`_ * `0.95 <https://github.com/django/django/commit/412ed22502e11c50dbfee854627594f0e7e2c234>`__
* `0.96 <https://github.com/django/django/commit/7dd2dd08a79e388732ce00e2b5514f15bd6d0f6f>`_ * `0.96 <https://github.com/django/django/commit/7dd2dd08a79e388732ce00e2b5514f15bd6d0f6f>`__
May 14, 2008 May 14, 2008
@ -130,15 +130,15 @@ May 14, 2008
* Django 0.96 * Django 0.96
* `Full description <https://www.djangoproject.com/weblog/2008/may/14/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2008/may/14/security/>`__
* **Patches:** * **Patches:**
* `0.91 <https://github.com/django/django/commit/50ce7fb57d>`_ * `0.91 <https://github.com/django/django/commit/50ce7fb57d>`__
* `0.95 <https://github.com/django/django/commit/50ce7fb57d>`_ * `0.95 <https://github.com/django/django/commit/50ce7fb57d>`__
* `0.96 <https://github.com/django/django/commit/7791e5c050>`_ * `0.96 <https://github.com/django/django/commit/7791e5c050>`__
September 2, 2008 September 2, 2008
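Review bot: In the **Patches:** list of this hunk, the 0.91 and 0.95 entries both link to commit 50ce7fb57d, while 0.96 links to 7791e5c050. Since these lines are being rewritten anyway, check whether 0.95 should point at its own commit; if one commit really covers both branches, a single combined entry (in the style of the earlier "unified 0.90/0.91" link) would say so more clearly.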
@ -156,15 +156,15 @@ September 2, 2008
* Django 0.96 * Django 0.96
* `Full description <https://www.djangoproject.com/weblog/2008/sep/02/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2008/sep/02/security/>`__
* **Patches:** * **Patches:**
* `0.91 <https://github.com/django/django/commit/44debfeaa4473bd28872c735dd3d9afde6886752>`_ * `0.91 <https://github.com/django/django/commit/44debfeaa4473bd28872c735dd3d9afde6886752>`__
* `0.95 <https://github.com/django/django/commit/aee48854a164382c655acb9f18b3c06c3d238e81>`_ * `0.95 <https://github.com/django/django/commit/aee48854a164382c655acb9f18b3c06c3d238e81>`__
* `0.96 <https://github.com/django/django/commit/7e0972bded362bc4b851c109df2c8a6548481a8e>`_ * `0.96 <https://github.com/django/django/commit/7e0972bded362bc4b851c109df2c8a6548481a8e>`__
July 28, 2009 July 28, 2009
@ -180,13 +180,13 @@ July 28, 2009
* Django 1.0 * Django 1.0
* `Full description <https://www.djangoproject.com/weblog/2009/jul/28/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2009/jul/28/security/>`__
* **Patches:** * **Patches:**
* `0.96 <https://github.com/django/django/commit/da85d76fd6>`_ * `0.96 <https://github.com/django/django/commit/da85d76fd6>`__
* `1.0 <https://github.com/django/django/commit/df7f917b7f>`_ * `1.0 <https://github.com/django/django/commit/df7f917b7f>`__
October 9, 2009 October 9, 2009
@ -202,13 +202,13 @@ October 9, 2009
* Django 1.1 * Django 1.1
* `Full description <https://www.djangoproject.com/weblog/2009/oct/09/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2009/oct/09/security/>`__
* **Patches:** * **Patches:**
* `1.0 <https://github.com/django/django/commit/594a28a904>`_ * `1.0 <https://github.com/django/django/commit/594a28a904>`__
* `1.1 <https://github.com/django/django/commit/e3e992e18b>`_ * `1.1 <https://github.com/django/django/commit/e3e992e18b>`__
September 8, 2010 September 8, 2010
@ -222,11 +222,11 @@ September 8, 2010
* Django 1.2 * Django 1.2
* `Full description <https://www.djangoproject.com/weblog/2010/sep/08/security-release/>`_ * `Full description <https://www.djangoproject.com/weblog/2010/sep/08/security-release/>`__
* **Patches:** * **Patches:**
* `1.2 <https://github.com/django/django/commit/7f84657b6b>`_ * `1.2 <https://github.com/django/django/commit/7f84657b6b>`__
December 22, 2010 December 22, 2010
@ -244,17 +244,17 @@ December 22, 2010
* Django 1.2 * Django 1.2
* `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`__
* **Patches:** * **Patches:**
* `1.1 CVE-2010-4534 <https://github.com/django/django/commit/17084839fd>`_ * `1.1 CVE-2010-4534 <https://github.com/django/django/commit/17084839fd>`__
* `1.1 CVE-2010-4535 <https://github.com/django/django/commit/7f8dd9cbac>`_ * `1.1 CVE-2010-4535 <https://github.com/django/django/commit/7f8dd9cbac>`__
* `1.2 CVE-2010-4534 <https://github.com/django/django/commit/85207a245b>`_ * `1.2 CVE-2010-4534 <https://github.com/django/django/commit/85207a245b>`__
* `1.2 CVE-2010-4535 <https://github.com/django/django/commit/d5d8942a16>`_ * `1.2 CVE-2010-4535 <https://github.com/django/django/commit/d5d8942a16>`__
February 8, 2011 February 8, 2011
@ -274,21 +274,21 @@ February 8, 2011
* Django 1.2 * Django 1.2
* `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__
* **Patches:** * **Patches:**
* `1.1 CVE-2010-0696 <https://github.com/django/django/commit/408c5c873c>`_ * `1.1 CVE-2010-0696 <https://github.com/django/django/commit/408c5c873c>`__
* `1.1 CVE-2010-0697 <https://github.com/django/django/commit/1966786d2d>`_ * `1.1 CVE-2010-0697 <https://github.com/django/django/commit/1966786d2d>`__
* `1.1 CVE-2010-0698 <https://github.com/django/django/commit/570a32a047>`_ * `1.1 CVE-2010-0698 <https://github.com/django/django/commit/570a32a047>`__
* `1.2 CVE-2010-0696 <https://github.com/django/django/commit/818e70344e>`_ * `1.2 CVE-2010-0696 <https://github.com/django/django/commit/818e70344e>`__
* `1.2 CVE-2010-0697 <https://github.com/django/django/commit/1f814a9547>`_ * `1.2 CVE-2010-0697 <https://github.com/django/django/commit/1f814a9547>`__
* `1.2 CVE-2010-0698 <https://github.com/django/django/commit/194566480b>`_ * `1.2 CVE-2010-0698 <https://github.com/django/django/commit/194566480b>`__
September 9, 2011 September 9, 2011
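Review bot: All six patch links in this hunk are labelled CVE-2010-0696, CVE-2010-0697 and CVE-2010-0698, yet the entry is dated February 8, 2011 and links to the 2011/feb/08 announcement. Please verify the CVE identifiers against that announcement before these labels are carried forward unchanged, since readers will use them to look up the advisories.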
@ -314,21 +314,21 @@ September 9, 2011
* Django 1.3 * Django 1.3
* `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`_ * `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__
* **Patches:** * **Patches:**
* `1.2 CVE-2011-4136 <https://github.com/django/django/commit/ac7c3a110f>`_ * `1.2 CVE-2011-4136 <https://github.com/django/django/commit/ac7c3a110f>`__
* `1.2 CVE-2011-4137 and CVE-2011-4138 <https://github.com/django/django/commit/7268f8af86>`_ * `1.2 CVE-2011-4137 and CVE-2011-4138 <https://github.com/django/django/commit/7268f8af86>`__
* `1.2 CVE-2011-4139 <https://github.com/django/django/commit/c613af4d64>`_ * `1.2 CVE-2011-4139 <https://github.com/django/django/commit/c613af4d64>`__
* `1.3 CVE-2011-4136 <https://github.com/django/django/commit/fbe2eead2f>`_ * `1.3 CVE-2011-4136 <https://github.com/django/django/commit/fbe2eead2f>`__
* `1.3 CVE-2011-4137 and CVE-2011-4138 <https://github.com/django/django/commit/1a76dbefdf>`_ * `1.3 CVE-2011-4137 and CVE-2011-4138 <https://github.com/django/django/commit/1a76dbefdf>`__
* `1.3 CVE-2011-4139 <https://github.com/django/django/commit/2f7fadc38e>`_ * `1.3 CVE-2011-4139 <https://github.com/django/django/commit/2f7fadc38e>`__
July 30, 2012 July 30, 2012
@ -348,21 +348,21 @@ July 30, 2012
* Django 1.4 * Django 1.4
* `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`_ * `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__
* **Patches:** * **Patches:**
* `1.3 CVE-2012-3442 <https://github.com/django/django/commit/4dea4883e6c50d75f215a6b9bcbd95273f57c72d>`_ * `1.3 CVE-2012-3442 <https://github.com/django/django/commit/4dea4883e6c50d75f215a6b9bcbd95273f57c72d>`__
* `1.3 CVE-2012-3443 <https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446>`_ * `1.3 CVE-2012-3443 <https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446>`__
* `1.3 CVE-2012-3444 <https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155>`_ * `1.3 CVE-2012-3444 <https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155>`__
* `1.4 CVE-2012-3442 <https://github.com/django/django/commit/e34685034b60be1112160e76091e5aee60149fa1>`_ * `1.4 CVE-2012-3442 <https://github.com/django/django/commit/e34685034b60be1112160e76091e5aee60149fa1>`__
* `1.4 CVE-2012-3443 <https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141>`_ * `1.4 CVE-2012-3443 <https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141>`__
* `1.4 CVE-2012-3444 <https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6>`_ * `1.4 CVE-2012-3444 <https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6>`__
October 17, 2012 October 17, 2012
@ -378,13 +378,13 @@ October 17, 2012
* Django 1.4 * Django 1.4
* `Full description <https://www.djangoproject.com/weblog/2012/oct/17/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2012/oct/17/security/>`__
* **Patches:** * **Patches:**
* `1.3 <https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071>`_ * `1.3 <https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071>`__
* `1.4 <https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3>`_ * `1.4 <https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3>`__
December 10, 2012 December 10, 2012
@ -402,17 +402,17 @@ December 10, 2012
* Django 1.4 * Django 1.4
* `Full description <https://www.djangoproject.com/weblog/2012/dec/10/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2012/dec/10/security/>`__
* **Patches:** * **Patches:**
* `1.3 Host hardening <https://github.com/django/django/commit/2da4ace0bc1bc1d79bf43b368cb857f6f0cd6b1b>`_ * `1.3 Host hardening <https://github.com/django/django/commit/2da4ace0bc1bc1d79bf43b368cb857f6f0cd6b1b>`__
* `1.3 redirect hardening <https://github.com/django/django/commit/1515eb46daa0897ba5ad5f0a2db8969255f1b343>`_ * `1.3 redirect hardening <https://github.com/django/django/commit/1515eb46daa0897ba5ad5f0a2db8969255f1b343>`__
* `1.4 Host hardening <https://github.com/django/django/commit/319627c184e71ae267d6b7f000e293168c7b6e09>`_ * `1.4 Host hardening <https://github.com/django/django/commit/319627c184e71ae267d6b7f000e293168c7b6e09>`__
* `1.4 redirect hardning <https://github.com/django/django/commit/b2ae0a63aeec741f1e51bac9a95a27fd635f9652>`_ * `1.4 redirect hardning <https://github.com/django/django/commit/b2ae0a63aeec741f1e51bac9a95a27fd635f9652>`__
February 19, 2013 February 19, 2013
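Review bot: The last patch entry keeps the misspelling "1.4 redirect hardning" on the rewritten line, while the 1.3 entry above it reads "redirect hardening". Fix the link text in the same change; the capitalization is also uneven between "Host hardening" and "redirect hardening".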
@ -434,25 +434,25 @@ February 19, 2013
* Django 1.4 * Django 1.4
* `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__
* **Patches:** * **Patches:**
* `1.3 Host hardening <https://github.com/django/django/commit/27cd872e6e36a81d0bb6f5b8765a1705fecfc253>`_ * `1.3 Host hardening <https://github.com/django/django/commit/27cd872e6e36a81d0bb6f5b8765a1705fecfc253>`__
* `1.3 XML attacks <https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112>`_ * `1.3 XML attacks <https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112>`__
* `1.3 CVE-2013-0305 <https://github.com/django/django/commit/d3a45e10c8ac8268899999129daa27652ec0da35>`_ * `1.3 CVE-2013-0305 <https://github.com/django/django/commit/d3a45e10c8ac8268899999129daa27652ec0da35>`__
* `1.3 CVE-2013-0306 <https://github.com/django/django/commit/d7094bbce8cb838f3b40f504f198c098ff1cf727>`_ * `1.3 CVE-2013-0306 <https://github.com/django/django/commit/d7094bbce8cb838f3b40f504f198c098ff1cf727>`__
* `1.4 Host hardening <https://github.com/django/django/commit/9936fdb11d0bbf0bd242f259bfb97bbf849d16f8>`_ * `1.4 Host hardening <https://github.com/django/django/commit/9936fdb11d0bbf0bd242f259bfb97bbf849d16f8>`__
* `1.4 XML attacks <https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40>`_ * `1.4 XML attacks <https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40>`__
* `1.4 CVE-2013-0305 <https://github.com/django/django/commit/0e7861aec73702f7933ce2a93056f7983939f0d6>`_ * `1.4 CVE-2013-0305 <https://github.com/django/django/commit/0e7861aec73702f7933ce2a93056f7983939f0d6>`__
* `1.4 CVE-2013-0306 <https://github.com/django/django/commit/0cc350a896f70ace18280410eb616a9197d862b0>`_ * `1.4 CVE-2013-0306 <https://github.com/django/django/commit/0cc350a896f70ace18280410eb616a9197d862b0>`__
August 13, 2013 August 13, 2013
@ -470,15 +470,15 @@ August 13, 2013
* Django 1.5 * Django 1.5
* `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`_ * `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`__
* **Patches:** * **Patches:**
* `1.4 redirect validation <https://github.com/django/django/commit/ec67af0bd609c412b76eaa4cc89968a2a8e5ad6a>`_ * `1.4 redirect validation <https://github.com/django/django/commit/ec67af0bd609c412b76eaa4cc89968a2a8e5ad6a>`__
* `1.5 URLField trusting <https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78>`_ * `1.5 URLField trusting <https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78>`__
* `1.5 redirect validation <https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9b6e5810c1162b5f>`_ * `1.5 redirect validation <https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9b6e5810c1162b5f>`__
September 10, 2013 September 10, 2013
@ -494,13 +494,13 @@ September 10, 2013
* Django 1.5 * Django 1.5
* `Full description <https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/>`_ * `Full description <https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/>`__
* **Patches:** * **Patches:**
* `1.4 CVE-2013-4315 <https://github.com/django/django/commit/87d2750b39f6f2d54b7047225521a44dcd37e896>`_ * `1.4 CVE-2013-4315 <https://github.com/django/django/commit/87d2750b39f6f2d54b7047225521a44dcd37e896>`__
* `1.5 CVE-2013-4315 <https://github.com/django/django/commit/988b61c550d798f9a66d17ee0511fb7a9a7f33ca>`_ * `1.5 CVE-2013-4315 <https://github.com/django/django/commit/988b61c550d798f9a66d17ee0511fb7a9a7f33ca>`__
September 14, 2013 September 14, 2013
@ -516,12 +516,12 @@ September 14, 2013
* Django 1.5 * Django 1.5
* `Full description <https://www.djangoproject.com/weblog/2013/sep/15/security/>`_ * `Full description <https://www.djangoproject.com/weblog/2013/sep/15/security/>`__
* **Patches:** * **Patches:**
* `1.4 CVE-2013-1443 <https://github.com/django/django/commit/3f3d887a6844ec2db743fee64c9e53e04d39a368>`_ and `Python compatibility fix <https://github.com/django/django/commit/6903d1690a92aa040adfb0c8eb37cf62e4206714>`_ * `1.4 CVE-2013-1443 <https://github.com/django/django/commit/3f3d887a6844ec2db743fee64c9e53e04d39a368>`__ and `Python compatibility fix <https://github.com/django/django/commit/6903d1690a92aa040adfb0c8eb37cf62e4206714>`__
* `1.5 CVE-2013-1443 <https://github.com/django/django/commit/22b74fa09d7ccbc8c52270d648a0da7f3f0fa2bc>`__
* `1.5 CVE-2013-1443 <https://github.com/django/django/commit/22b74fa09d7ccbc8c52270d648a0da7f3f0fa2bc>`_
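Review bot: The "Full description" link in this hunk points to weblog/2013/sep/15/security/, one day later than the "September 14, 2013" heading it sits under. Check which date is intended for the archive entry and either correct the heading or note that the difference from the announcement URL is deliberate.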