Django 1.3 release notes links to wrong "security issues" page
|Reported by:||Ilya Semenov||Owned by:||nobody|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
In Django 1.3 release notes, it says: "Prior to Django 1.2.5, the Django administrative interface allowed filtering on any model field or relation -- not just those specified in list_filter -- via query string manipulation. Due to security issues reported to us, however, query string lookup arguments in the admin must be for fields or relations specified in list_filter or date_hierarchy."
However, the linked "security issues" page doesn't mention anything about the admin area and list_filter. The link should either be fixed, or removed.
Change History (5)
comment:1 Changed 6 years ago by
|Component:||Uncategorized → Documentation|
|Patch needs improvement:||unset|
|Type:||Uncategorized → Bug|