Commit Graph

5 Commits

Author SHA1 Message Date
Simon Charette 027bd34864 [1.4.x] Prevented data leakage in contrib.admin via query string manipulation.
This is a security fix. Disclosure following shortly.
2014-08-11 16:01:41 -04:00
Preston Holmes c9e3b9949c [1.4.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USE change.
This is a security fix. Disclosure following shortly.
2014-08-11 12:15:06 -04:00
Tim Graham 30042d475b [1.4.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names.
This is a security fix. Disclosure following shortly.
2014-08-11 10:14:06 -04:00
Florian Apolloner c2fe73133b [1.4.x] Prevented reverse() from generating URLs pointing to other hosts.
This is a security fix. Disclosure following shortly.
2014-08-11 09:04:23 -04:00
Tim Graham 4d5e972a2c [1.4.x] Added release note stub for 1.4.14. 2014-08-11 08:47:06 -04:00