id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15821	"Django 1.3 release notes links to wrong ""security issues"" page"	Ilya Semenov	nobody	"In [[http://docs.djangoproject.com/en/dev/releases/1.3/#backwards-incompatible-changes-1-3|Django 1.3 release notes]], it says: ""Prior to Django 1.2.5, the Django administrative interface allowed filtering on any model field or relation -- not just those specified in list_filter -- via query string manipulation. Due to [[http://www.djangoproject.com/weblog/2011/feb/08/security/|security issues]] reported to us, however, query string lookup arguments in the admin must be for fields or relations specified in list_filter or date_hierarchy."" 

However, the linked ""security issues"" page doesn't mention anything about the admin area and list_filter. The link should either be fixed, or removed."	Bug	closed	Documentation	dev	Normal	fixed			Ready for checkin	1	0	0	0	0	0