django.git/docs/topics/security.txt, branch main django http://cgit.adnoto.dev/django.git/atom?h=main 2026-04-07T14:33:38Z Refs CVE-2026-33034 -- Improved security documentation on handling large request bodies. 2026-04-07T14:33:38Z Jake Howard git@theorangeone.net 2026-04-01T14:47:30Z urn:sha1:1c584b0b1edd1def1e9aa4aef25fc5754f485616 Notably that the limit can be bypassed under ASGI. Refs #36485 -- Rewrapped docs to 79 columns line length. 2025-08-25T13:51:10Z David Smith smithdc@gmail.com 2025-07-25T09:24:17Z urn:sha1:f81e6e3a53ee36e3f730a71aa55a5744982dd016 Lines in the docs files were manually adjusted to conform to the 79 columns limit per line (plus newline), improving readability and consistency across the content. Refs #36485 -- Removed unnecessary parentheses in :meth: and :func: roles in docs. 2025-08-25T13:51:10Z David Smith smithdc@gmail.com 2025-05-27T16:37:22Z urn:sha1:6f8e23d1c10c7ce32cea82b65ad2af640015f147 Fixed spelling of "logged-in" when used as an adjective in docs. 2025-08-19T15:43:05Z mengxun 30499307+mengxunQAQ@users.noreply.github.com 2025-08-19T15:43:05Z urn:sha1:f5c944b3141c58bb4a5c7bbca61180b2ad7c13aa Fixed #15727 -- Added Content Security Policy (CSP) support. 2025-06-27T18:57:02Z Rob Hudson rob@cogit8.org 2025-05-03T17:01:58Z urn:sha1:d63241ebc7067fdebbaf704989b34fcd8f26bbe9 This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Added security reporting guidelines. 2025-02-24T07:51:08Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-02-21T10:26:10Z urn:sha1:59353360590202fab04067e23214a825157c524b Refs #34140 -- Applied rst code-block to non-Python examples. 2023-02-10T18:19:13Z Carlton Gibson carlton.gibson@noumenal.es 2023-02-09T15:48:46Z urn:sha1:534ac4829764f317cf2fbc4a18354fcc998c1425 Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for reviews. Updated OWASP Top 10 link in security topic. 2022-06-16T04:35:20Z Grammy Jiang 719388+grammy-jiang@users.noreply.github.com 2022-06-16T04:35:20Z urn:sha1:ef9121f3e6f62060d2904fb1811dbe7d74834686 Removed versionadded/changed annotations for 4.0. 2022-05-17T12:22:06Z Carlton Gibson carlton.gibson@noumenal.es 2022-05-10T13:07:11Z urn:sha1:ca1c3151c3df48f1fb2cd17df9cfe93800254665 Fixed #30360 -- Added support for secret key rotation. 2022-02-01T10:12:24Z tschilling schillingt@better-simple.com 2021-12-14T03:47:03Z urn:sha1:0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7 Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>