[1.5.x] Minor edits to latest release notes. · alex-python/django@5c65aa9 · GitHub
Commit 5c65aa9

[1.5.x] Minor edits to latest release notes.
Backport of 860d31a from master
1 parent 4752580 commit 5c65aa9

2 files changed

+17
-17
lines changed

docs/releases/1.4.13.txt

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,18 @@
1-
==========================
1+
===========================
22
Django 1.4.13 release notes
3-
==========================
3+
===========================
44

5-
*May 13, 2014*
5+
*May 14, 2014*
66

77
Django 1.4.13 fixes two security issues in 1.4.12.
88

9-
109
Caches may incorrectly be allowed to store and serve private data
1110
=================================================================
11+
1212
In certain situations, Django may allow caches to store private data
1313
related to a particular session and then serve that data to requests
14-
with a different session, or no session at all. This can both lead to
15-
information disclosure, and can be a vector for cache poisoning.
14+
with a different session, or no session at all. This can lead to
15+
information disclosure and can be a vector for cache poisoning.
1616

1717
When using Django sessions, Django will set a ``Vary: Cookie`` header to
1818
ensure caches do not serve cached data to requests from other sessions.
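
Review bot: The release date on new line 5 moves from May 13 to May 14, 2014, which is a factual correction to a security release note rather than a wording edit, yet the commit message only says "Minor edits". Suggest naming the date change in the commit message so the backport history shows it was deliberate. The lengthened heading rule on lines 1 and 3 now matches the 27-character title and looks right.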
@@ -22,15 +22,15 @@ Explorer 6, and Internet Explorer 7 if run on Windows XP or Windows Server
2222
types. Therefore, Django would remove the header if the request was made by
2323
Internet Explorer.
2424

25-
To remedy this, the special behaviour for these older Internet Explorer versions
25+
To remedy this, the special behavior for these older Internet Explorer versions
2626
has been removed, and the ``Vary`` header is no longer stripped from the response.
2727
In addition, modifications to the ``Cache-Control`` header for all Internet Explorer
28-
requests with a ``Content-Disposition`` header, have also been removed as they
28+
requests with a ``Content-Disposition`` header have also been removed as they
2929
were found to have similar issues.
3030

31-
3231
Malformed redirect URLs from user input not correctly validated
3332
===============================================================
33+
3434
The validation for redirects did not correctly validate some malformed URLs,
3535
which are accepted by some browsers. This allows a user to be redirected to
3636
an unsafe URL unexpectedly.
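
Review bot: New lines 26 and 27 ("has been removed, and the ``Vary`` header is no longer stripped from the response." and the following "In addition, ..." line) run to 82 and 84 characters, while the rest of the paragraph stays under 80. Since this hunk already touches lines 25 and 28 of the same paragraph, suggest rewrapping the whole paragraph in this change.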

docs/releases/1.5.8.txt

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,17 +2,17 @@
22
Django 1.5.8 release notes
33
==========================
44

5-
*May 13, 2014*
6-
7-
Django 1.5.8 fixes two security issues in 1.5.8.
5+
*May 14, 2014*
86

7+
Django 1.5.8 fixes two security issues in 1.5.8.
98

109
Caches may incorrectly be allowed to store and serve private data
1110
=================================================================
11+
1212
In certain situations, Django may allow caches to store private data
1313
related to a particular session and then serve that data to requests
14-
with a different session, or no session at all. This can both lead to
15-
information disclosure, and can be a vector for cache poisoning.
14+
with a different session, or no session at all. This can lead to
15+
information disclosure and can be a vector for cache poisoning.
1616

1717
When using Django sessions, Django will set a ``Vary: Cookie`` header to
1818
ensure caches do not serve cached data to requests from other sessions.
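
Review bot: New line 7 still reads "Django 1.5.8 fixes two security issues in 1.5.8.", so the release claims to fix issues in itself; the hunk moves the sentence but keeps the wrong version. The 1.4.13 notes in this same commit name the prior release ("in 1.4.12"), so this line should name the release the issues were present in, not 1.5.8. For a security release note this matters, because readers use this sentence to decide whether their installed version is affected.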
@@ -22,15 +22,15 @@ Explorer 6, and Internet Explorer 7 if run on Windows XP or Windows Server
2222
types. Therefore, Django would remove the header if the request was made by
2323
Internet Explorer.
2424

25-
To remedy this, the special behaviour for these older Internet Explorer versions
25+
To remedy this, the special behavior for these older Internet Explorer versions
2626
has been removed, and the ``Vary`` header is no longer stripped from the response.
2727
In addition, modifications to the ``Cache-Control`` header for all Internet Explorer
28-
requests with a ``Content-Disposition`` header, have also been removed as they
28+
requests with a ``Content-Disposition`` header have also been removed as they
2929
were found to have similar issues.
3030

31-
3231
Malformed redirect URLs from user input not correctly validated
3332
===============================================================
33+
3434
The validation for redirects did not correctly validate some malformed URLs,
3535
which are accepted by some browsers. This allows a user to be redirected to
3636
an unsafe URL unexpectedly.
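
Review bot: On new lines 28 and 29, "have also been removed as they were found to have similar issues" leaves the reader to guess what the issue with the ``Cache-Control`` modifications was. Since the sentence is being edited anyway, suggest stating the consequence directly, for example that they could likewise allow caches to store and serve private data, matching the section heading. The same wording appears in the 1.4.13 file and should be changed in step.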
