File: NEWS

python-django 0.95.1-1etch2
  • area: main
  • in suites: etch
  • size: 6,344 kB
  • ctags: 3,919
  • sloc: python: 24,083; makefile: 14; sql: 6
python-django (0.95.1-1etch2) stable-security; urgency=low
  
  The security fix included in this release introduces a backwards-incompatible
  change. The feature that retained HTTP POST data during re-authentication
  after session expiry has been removed because of a cross-site request forgery
  vulnerability (CSRF) that enabled unrequested modification/deletion of data.
  Consequently, if you made use of this feature in the past, things might not 
  behave as they used to. For more information see [1].
  
  [1] http://www.djangoproject.com/weblog/2008/sep/02/security/
  
 -- David Spreen <netzwurm@debian.org>  Sat, 06 Sep 2008 13:12:29 -0700