Moved release note for refs #23601 to 1.7.1.
This commit is contained in:
parent
844ba211ce
commit
51165401be
|
@ -91,3 +91,9 @@ Bugfixes
|
|||
(:ticket:`23560`).
|
||||
|
||||
* Fixed ``deepcopy`` on ``ErrorList`` (:ticket:`23594`).
|
||||
|
||||
* Made the :mod:`~django.contrib.admindocs` view to browse view details check
|
||||
if the view specified in the URL exists in the URLconf. Previously it was
|
||||
possible to import arbitrary packages from the Python path. This was not
|
||||
considered a security issue because ``admindocs`` is only accessible to staff
|
||||
users (:ticket:`23601`).
|
||||
|
|
|
@ -76,14 +76,6 @@ Minor features
|
|||
<django.contrib.admin.ModelAdmin.show_full_result_count>` to control whether
|
||||
or not the full count of objects should be displayed on a filtered admin page.
|
||||
|
||||
:mod:`django.contrib.admindocs`
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
* The view to browse view details now checks if the view specified in the URL
|
||||
exists in the URLconf. Previously it was possible to import arbitrary
|
||||
packages from the Python path. This was not considered a security issue
|
||||
because ``admindocs`` is only accessible to staff users.
|
||||
|
||||
:mod:`django.contrib.auth`
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
|
Loading…
Reference in New Issue