test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
19,686 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

3 Commits

Author SHA1 Message Date
Tim Graham 69b5e66738 Fixed is_safe_url() to handle leading whitespace. 
This is a security fix. Disclosure following shortly.
 2015-01-13 13:03:06 -05:00
Carl Meyer 316b8d4974 Stripped headers containing underscores to prevent spoofing in WSGI environ. 
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
 2015-01-13 13:03:05 -05:00
Tim Graham 958aeda4b5 Added stub release notes for security releases. 2015-01-13 13:03:05 -05:00