Django 1.3 release notes links to wrong "security issues" page
In Django 1.3 release notes, it says: "Prior to Django 1.2.5, the Django administrative interface allowed filtering on any model field or relation -- not just those specified in list_filter -- via query string manipulation. Due to security issues reported to us, however, query string lookup arguments in the admin must be for fields or relations specified in list_filter or date_hierarchy."
However, the linked "security issues" page doesn't mention anything about the admin area and list_filter. The link should either be fixed, or removed.
Change History
(5)
Component: |
Uncategorized → Documentation
|
Type: |
Uncategorized → Bug
|
Has patch: |
set
|
Version: |
1.2 → SVN
|
Triage Stage: |
Unreviewed → Ready for checkin
|
Resolution: |
→ fixed
|
Status: |
new → closed
|
In [16035]: