diff options
| author | Claude Paroz <claude@2xlibre.net> | 2015-08-08 13:56:37 +0200 |
|---|---|---|
| committer | Claude Paroz <claude@2xlibre.net> | 2015-08-08 13:57:15 +0200 |
| commit | e9c5c3963138b86678e90622789a30ced668b3dd (patch) | |
| tree | 303dcfc32176c92a6a0c2b5f7a69ec6f1f95b08f /docs | |
| parent | a3830f6d663aee9e91871002cbff7c57aee6d989 (diff) | |
Updated various links in docs
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/faq/admin.txt | 2 | ||||
| -rw-r--r-- | docs/howto/auth-remote-user.txt | 2 | ||||
| -rw-r--r-- | docs/howto/jython.txt | 2 | ||||
| -rw-r--r-- | docs/howto/upgrade-version.txt | 2 | ||||
| -rw-r--r-- | docs/howto/windows.txt | 4 | ||||
| -rw-r--r-- | docs/internals/contributing/committing-code.txt | 2 | ||||
| -rw-r--r-- | docs/internals/contributing/writing-code/unit-tests.txt | 2 | ||||
| -rw-r--r-- | docs/internals/team.txt | 16 | ||||
| -rw-r--r-- | docs/ref/clickjacking.txt | 4 | ||||
| -rw-r--r-- | docs/ref/contrib/gis/gdal.txt | 6 | ||||
| -rw-r--r-- | docs/ref/contrib/gis/install/geolibs.txt | 2 | ||||
| -rw-r--r-- | docs/ref/contrib/gis/install/index.txt | 13 | ||||
| -rw-r--r-- | docs/ref/contrib/gis/measure.txt | 2 | ||||
| -rw-r--r-- | docs/ref/contrib/gis/model-api.txt | 3 | ||||
| -rw-r--r-- | docs/releases/1.0-porting-guide.txt | 4 | ||||
| -rw-r--r-- | docs/releases/1.9.txt | 2 | ||||
| -rw-r--r-- | docs/releases/security.txt | 96 | ||||
| -rw-r--r-- | docs/topics/install.txt | 4 | ||||
| -rw-r--r-- | docs/topics/python3.txt | 2 | ||||
| -rw-r--r-- | docs/topics/security.txt | 2 |
20 files changed, 84 insertions, 88 deletions
diff --git a/docs/faq/admin.txt b/docs/faq/admin.txt index 8deffdf28c..61e84fa974 100644 --- a/docs/faq/admin.txt +++ b/docs/faq/admin.txt @@ -106,4 +106,4 @@ There *may* be minor stylistic differences between supported browsers—for example, some browsers may not support rounded corners. These are considered acceptable variations in rendering. -.. _YUI's A-grade: http://yuilibrary.com/yui/docs/tutorials/gbs/ +.. _YUI's A-grade: https://github.com/yui/yui3/wiki/Graded-Browser-Support diff --git a/docs/howto/auth-remote-user.txt b/docs/howto/auth-remote-user.txt index bef562d565..34f17a8084 100644 --- a/docs/howto/auth-remote-user.txt +++ b/docs/howto/auth-remote-user.txt @@ -10,7 +10,7 @@ Windows Authentication or Apache and `mod_authnz_ldap`_, `CAS`_, `Cosign`_, `WebAuth`_, `mod_auth_sspi`_, etc. .. _mod_authnz_ldap: http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html -.. _CAS: https://www.apereo.org/cas +.. _CAS: https://www.apereo.org/projects/cas .. _Cosign: http://weblogin.org .. _WebAuth: http://www.stanford.edu/services/webauth/ .. _mod_auth_sspi: http://sourceforge.net/projects/mod-auth-sspi diff --git a/docs/howto/jython.txt b/docs/howto/jython.txt index 0d3baf9e77..e7ff3696f0 100644 --- a/docs/howto/jython.txt +++ b/docs/howto/jython.txt @@ -45,7 +45,7 @@ The `django-jython`_ project contains database backends and management commands for Django/Jython development. Note that the builtin Django backends won't work on top of Jython. -.. _`django-jython`: http://code.google.com/p/django-jython/ +.. _`django-jython`: https://github.com/beachmachine/django-jython To install it, follow the `installation instructions`_ detailed on the project Web site. Also, read the `database backends`_ documentation there. diff --git a/docs/howto/upgrade-version.txt b/docs/howto/upgrade-version.txt index 3c9c1b8d78..28c745ef4b 100644 --- a/docs/howto/upgrade-version.txt +++ b/docs/howto/upgrade-version.txt @@ -62,7 +62,7 @@ If you use some other installation process, you might have to manually :ref:`uninstall the old Django version <removing-old-versions-of-django>` and should look at the complete installation instructions. -.. _pip: http://www.pip-installer.org/ +.. _pip: https://pip.pypa.io/ .. _virtualenv: http://www.virtualenv.org/ Testing diff --git a/docs/howto/windows.txt b/docs/howto/windows.txt index 2e92ace34e..d36b62a6a6 100644 --- a/docs/howto/windows.txt +++ b/docs/howto/windows.txt @@ -39,7 +39,7 @@ your Python version and follow the installation instructions given there. Install PIP =========== -`PIP <http://www.pip-installer.org/>`_ is a package manager for Python that +`PIP <https://pip.pypa.io/>`_ is a package manager for Python that uses the `Python Package Index <https://pypi.python.org>`_ to install Python packages. PIP will later be used to install Django from PyPI. If you've installed Python 3.4, ``pip`` is included so you may skip this section. @@ -48,7 +48,7 @@ Open a command prompt and execute ``easy_install pip``. This will install ``pip`` on your system. This command will work if you have successfully installed Setuptools. -Alternatively, go to `<http://www.pip-installer.org/en/latest/installing.html>`_ +Alternatively, go to `<https://pip.pypa.io/en/latest/installing.html>`_ for installing/upgrading instructions. Install Django diff --git a/docs/internals/contributing/committing-code.txt b/docs/internals/contributing/committing-code.txt index 4d752b7099..0b07eaa6de 100644 --- a/docs/internals/contributing/committing-code.txt +++ b/docs/internals/contributing/committing-code.txt @@ -176,7 +176,7 @@ Django's Git repository: commit message, GitHub will close the pull request, but the Trac plugin will also close the same numbered ticket in Trac. -.. _Trac plugin: https://github.com/aaugustin/trac-github +.. _Trac plugin: https://github.com/trac-hacks/trac-github * If your commit references a ticket in the Django `ticket tracker`_ but does *not* close the ticket, include the phrase "Refs #xxxxx", where "xxxxx" diff --git a/docs/internals/contributing/writing-code/unit-tests.txt b/docs/internals/contributing/writing-code/unit-tests.txt index 06eaf90b74..8cf2c8d248 100644 --- a/docs/internals/contributing/writing-code/unit-tests.txt +++ b/docs/internals/contributing/writing-code/unit-tests.txt @@ -183,7 +183,7 @@ associated tests will be skipped. .. _gettext: http://www.gnu.org/software/gettext/manual/gettext.html .. _selenium: https://pypi.python.org/pypi/selenium .. _sqlparse: https://pypi.python.org/pypi/sqlparse -.. _pip requirements files: http://www.pip-installer.org/en/latest/user_guide.html#requirements-files +.. _pip requirements files: https://pip.pypa.io/en/latest/user_guide.html#requirements-files Code coverage ~~~~~~~~~~~~~ diff --git a/docs/internals/team.txt b/docs/internals/team.txt index bdc1e39ec7..f7d48a9830 100644 --- a/docs/internals/team.txt +++ b/docs/internals/team.txt @@ -52,7 +52,7 @@ Journal-World`_ of Lawrence, Kansas, USA. .. _soundslice: https://www.soundslice.com/ .. _simon willison: http://simonwillison.net/ .. _web-development blog: `simon willison`_ -.. _jacob kaplan-moss: http://jacobian.org/ +.. _jacob kaplan-moss: https://jacobian.org/ .. _revolution systems: http://revsys.com/ .. _wilson miner: http://wilsonminer.com/ .. _heroku: https://heroku.com/ @@ -151,7 +151,7 @@ Karen Tracey .. _Jannis Leidel: https://jezdez.com/ .. _Bauhaus-University Weimar: http://www.uni-weimar.de/ .. _virtualenv: http://www.virtualenv.org/ - .. _pip: http://www.pip-installer.org/ + .. _pip: https://pip.pypa.io/ .. _Mozilla: https://www.mozilla.org/ `Andrew Godwin`_ @@ -232,7 +232,7 @@ Tim Graham things Django and Python. .. _Idan Gazit: http://idan.gazit.me - .. _photographer: http://flickr.com/photos/idangazit + .. _photographer: https://flickr.com/photos/idangazit .. _Pixane: http://pixane.com .. _Skills: http://skillsapp.com @@ -421,8 +421,8 @@ Daniele Procida that goal in mind. Erik lives in Amsterdam, The Netherlands. .. _Erik Romijn: http://erik.io/ - .. _Solid Links: http://solidlinks.nl/ - .. _Erik's Pony Checkup: http://ponycheckup.com/ + .. _Solid Links: https://solidlinks.nl/ + .. _Erik's Pony Checkup: https://ponycheckup.com/ `Loïc Bistuer`_ Loïc studied telecommunications engineering and works as an independent @@ -537,7 +537,7 @@ Daniele Procida .. _Tomek Paczkowski: https://hauru.eu .. _DjangoCon Europe 2013: http://love.djangocircus.com - .. _Django Girls: http://djangogirls.org + .. _Django Girls: https://djangogirls.org .. _Squirrel: http://squirrel.me `Ola Sitarska`_ @@ -558,8 +558,8 @@ Daniele Procida .. _Ola Sitarska: http://ola.sitarska.com/ .. _DjangoCon Europe 2013: http://love.djangocircus.com .. _Django Girls Tutorial: http://tutorial.djangogirls.org - .. _Django Girls: http://djangogirls.org - .. _Potato: http://p.ota.to + .. _Django Girls: https://djangogirls.org + .. _Potato: https://p.ota.to Past team members ================= diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt index b26fb211b8..ed51b5ea8f 100644 --- a/docs/ref/clickjacking.txt +++ b/docs/ref/clickjacking.txt @@ -35,7 +35,7 @@ load the resource in a frame if the request originated from the same site. If the header is set to ``DENY`` then the browser will block the resource from loading in a frame no matter which site made the request. -.. _X-Frame-Options: https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header +.. _X-Frame-Options: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options Django provides a few simple ways to include this header in responses from your site: @@ -127,5 +127,5 @@ See also A `complete list`_ of browsers supporting ``X-Frame-Options``. -.. _complete list: https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header#Browser_compatibility +.. _complete list: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options#Browser_compatibility .. _other clickjacking prevention techniques: https://en.wikipedia.org/wiki/Clickjacking#Prevention diff --git a/docs/ref/contrib/gis/gdal.txt b/docs/ref/contrib/gis/gdal.txt index 0653edab7a..e04c69c8b4 100644 --- a/docs/ref/contrib/gis/gdal.txt +++ b/docs/ref/contrib/gis/gdal.txt @@ -22,7 +22,7 @@ to raster (image) data. some of the capabilities of OGR and GDAL's raster features at this time. __ http://www.gdal.org/ -__ http://www.gdal.org/ogr/ +__ http://www.gdal.org/ogr_arch.html Overview ======== @@ -94,7 +94,7 @@ each feature in that layer. Returns the name of the data source. -__ http://www.gdal.org/ogr/ogr_formats.html +__ http://www.gdal.org/ogr_formats.html ``Layer`` --------- @@ -455,7 +455,7 @@ systems and coordinate transformation:: reading vector data from :class:`Layer` (which is in turn a part of a :class:`DataSource`). - __ http://www.gdal.org/ogr/classOGRGeometry.html + __ http://www.gdal.org/classOGRGeometry.html .. classmethod:: from_bbox(bbox) diff --git a/docs/ref/contrib/gis/install/geolibs.txt b/docs/ref/contrib/gis/install/geolibs.txt index 6de4af4312..3060194d23 100644 --- a/docs/ref/contrib/gis/install/geolibs.txt +++ b/docs/ref/contrib/gis/install/geolibs.txt @@ -263,4 +263,4 @@ the GDAL library. For example:: It is easier to install the shifting files now, then to have debug a problem caused by their absence later. .. [#] Specifically, GeoDjango provides support for the `OGR - <http://gdal.org/ogr>`_ library, a component of GDAL. + <http://gdal.org/ogr_arch.html>`_ library, a component of GDAL. diff --git a/docs/ref/contrib/gis/install/index.txt b/docs/ref/contrib/gis/install/index.txt index 5e783b8cdb..2b8347695f 100644 --- a/docs/ref/contrib/gis/install/index.txt +++ b/docs/ref/contrib/gis/install/index.txt @@ -234,15 +234,12 @@ Foundation, however, this is not required. Python ^^^^^^ -Although OS X comes with Python installed, users can use framework -installers (`2.7`__, `3.2`__ and `3.3`__ are available) provided by -the Python Software Foundation. An advantage to using the installer is -that OS X's Python will remain "pristine" for internal operating system -use. +Although OS X comes with Python installed, users can use `framework +installers`__ provided by the Python Software Foundation. An advantage to +using the installer is that OS X's Python will remain "pristine" for internal +operating system use. -__ https://python.org/ftp/python/2.7.5/ -__ https://python.org/ftp/python/3.2.5/ -__ https://python.org/ftp/python/3.3.2/ +__ https://www.python.org/ftp/python/ .. note:: diff --git a/docs/ref/contrib/gis/measure.txt b/docs/ref/contrib/gis/measure.txt index 6572ce5c67..260e7d0276 100644 --- a/docs/ref/contrib/gis/measure.txt +++ b/docs/ref/contrib/gis/measure.txt @@ -174,5 +174,5 @@ Measurement API .. rubric:: Footnotes .. [#] `Robert Coup <https://koordinates.com/>`_ is the initial author of the measure objects, - and was inspired by Brian Beck's work in `geopy <http://code.google.com/p/geopy/>`_ + and was inspired by Brian Beck's work in `geopy <https://github.com/geopy/geopy/>`_ and Geoff Biggs' PhD work on dimensioned units for robotics. diff --git a/docs/ref/contrib/gis/model-api.txt b/docs/ref/contrib/gis/model-api.txt index 25bd7756a1..d6fde26c14 100644 --- a/docs/ref/contrib/gis/model-api.txt +++ b/docs/ref/contrib/gis/model-api.txt @@ -118,7 +118,7 @@ are not. Most people are familiar with using latitude and longitude to reference a location on the earth's surface. However, latitude and longitude are angles, -not distances. [#fnharvard]_ In other words, while the shortest path between two points on +not distances. In other words, while the shortest path between two points on a flat surface is a straight line, the shortest path between two points on a curved surface (such as the earth) is an *arc* of a `great circle`__. [#fnthematic]_ Thus, additional computation is required to obtain distances in planar units (e.g., @@ -281,7 +281,6 @@ for example:: .. [#fnogc] OpenGIS Consortium, Inc., `Simple Feature Specification For SQL <http://www.opengeospatial.org/standards/sfs>`_. .. [#fnogcsrid] *See id.* at Ch. 2.3.8, p. 39 (Geometry Values and Spatial Reference Systems). .. [#fnsrid] Typically, SRID integer corresponds to an EPSG (`European Petroleum Survey Group <http://www.epsg.org>`_) identifier. However, it may also be associated with custom projections defined in spatial database's spatial reference systems table. -.. [#fnharvard] Harvard Graduate School of Design, `An Overview of Geodesy and Geographic Referencing Systems <http://www.gsd.harvard.edu/gis/manual/projections/fundamentals/>`_. This is an excellent resource for an overview of principles relating to geographic and Cartesian coordinate systems. .. [#fnthematic] Terry A. Slocum, Robert B. McMaster, Fritz C. Kessler, & Hugh H. Howard, *Thematic Cartography and Geographic Visualization* (Prentice Hall, 2nd edition), at Ch. 7.1.3. .. [#fndist] This limitation does not apply to PostGIS. .. [#fngeography] Please refer to the `PostGIS Geography Type <http://postgis.net/docs/manual-2.1/using_postgis_dbmanagement.html#PostGIS_Geography>`_ documentation for more details. diff --git a/docs/releases/1.0-porting-guide.txt b/docs/releases/1.0-porting-guide.txt index d38c14703c..ea3e905b57 100644 --- a/docs/releases/1.0-porting-guide.txt +++ b/docs/releases/1.0-porting-guide.txt @@ -79,8 +79,8 @@ see `the admin`_ below for more details. A contributor to djangosnippets__ has written a script that'll `scan your models.py and generate a corresponding admin.py`__. - __ http://www.djangosnippets.org/ - __ http://www.djangosnippets.org/snippets/603/ + __ https://www.djangosnippets.org/ + __ https://www.djangosnippets.org/snippets/603/ Example ~~~~~~~ diff --git a/docs/releases/1.9.txt b/docs/releases/1.9.txt index 5d017b3042..4aab9aa070 100644 --- a/docs/releases/1.9.txt +++ b/docs/releases/1.9.txt @@ -122,7 +122,7 @@ The admin sports a modern, flat design. It still provides a fully-functional experience to `YUI's A-grade`_ browsers. Older browser may experience varying levels of graceful degradation. -.. _YUI's A-grade: http://yuilibrary.com/yui/docs/tutorials/gbs/ +.. _YUI's A-grade: https://github.com/yui/yui3/wiki/Graded-Browser-Support Minor features ~~~~~~~~~~~~~~ diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 0c9016ae0b..d70e3b9046 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -42,7 +42,7 @@ issued at the time and CVEs may not have been assigned. August 16, 2006 - CVE-2007-0404 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2007-0404 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0404&cid=3>`_: Filename validation issue in translation framework. `Full description <https://www.djangoproject.com/weblog/2006/aug/16/compilemessages/>`__ +`CVE-2007-0404 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0404&cid=3>`_: Filename validation issue in translation framework. `Full description <https://www.djangoproject.com/weblog/2006/aug/16/compilemessages/>`__ Versions affected ----------------- @@ -54,7 +54,7 @@ Versions affected January 21, 2007 - CVE-2007-0405 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2007-0405 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0405&cid=3>`_: Apparent "caching" of authenticated user. `Full description <https://www.djangoproject.com/weblog/2007/jan/21/0951/>`__ +`CVE-2007-0405 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0405&cid=3>`_: Apparent "caching" of authenticated user. `Full description <https://www.djangoproject.com/weblog/2007/jan/21/0951/>`__ Versions affected ----------------- @@ -70,7 +70,7 @@ security process. These are listed below. October 26, 2007 - CVE-2007-5712 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2007-5712 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5712&cid=3>`_: Denial-of-service via arbitrarily-large ``Accept-Language`` header. `Full description <https://www.djangoproject.com/weblog/2007/oct/26/security-fix/>`__ +`CVE-2007-5712 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5712&cid=3>`_: Denial-of-service via arbitrarily-large ``Accept-Language`` header. `Full description <https://www.djangoproject.com/weblog/2007/oct/26/security-fix/>`__ Versions affected ----------------- @@ -82,7 +82,7 @@ Versions affected May 14, 2008 - CVE-2008-2302 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2008-2302 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2302&cid=3>`_: XSS via admin login redirect. `Full description <https://www.djangoproject.com/weblog/2008/may/14/security/>`__ +`CVE-2008-2302 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2302&cid=3>`_: XSS via admin login redirect. `Full description <https://www.djangoproject.com/weblog/2008/may/14/security/>`__ Versions affected ----------------- @@ -94,7 +94,7 @@ Versions affected September 2, 2008 - CVE-2008-3909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2008-3909 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3909&cid=3>`_: CSRF via preservation of POST data during admin login. `Full description <https://www.djangoproject.com/weblog/2008/sep/02/security/>`__ +`CVE-2008-3909 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3909&cid=3>`_: CSRF via preservation of POST data during admin login. `Full description <https://www.djangoproject.com/weblog/2008/sep/02/security/>`__ Versions affected ----------------- @@ -106,7 +106,7 @@ Versions affected July 28, 2009 - CVE-2009-2659 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2009-2659 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2659&cid=3>`_: Directory-traversal in development server media handler. `Full description <https://www.djangoproject.com/weblog/2009/jul/28/security/>`__ +`CVE-2009-2659 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2659&cid=3>`_: Directory-traversal in development server media handler. `Full description <https://www.djangoproject.com/weblog/2009/jul/28/security/>`__ Versions affected ----------------- @@ -117,7 +117,7 @@ Versions affected October 9, 2009 - CVE-2009-3965 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2009-3965 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3695&cid=3>`_: Denial-of-service via pathological regular expression performance. `Full description <https://www.djangoproject.com/weblog/2009/oct/09/security/>`__ +`CVE-2009-3965 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3695&cid=3>`_: Denial-of-service via pathological regular expression performance. `Full description <https://www.djangoproject.com/weblog/2009/oct/09/security/>`__ Versions affected ----------------- @@ -128,7 +128,7 @@ Versions affected September 8, 2010 - CVE-2010-3082 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2010-3082 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3082&cid=3>`_: XSS via trusting unsafe cookie value. `Full description <https://www.djangoproject.com/weblog/2010/sep/08/security-release/>`__ +`CVE-2010-3082 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3082&cid=3>`_: XSS via trusting unsafe cookie value. `Full description <https://www.djangoproject.com/weblog/2010/sep/08/security-release/>`__ Versions affected ----------------- @@ -138,7 +138,7 @@ Versions affected December 22, 2010 - CVE-2010-4534 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2010-4534 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4534&cid=3>`_: Information leakage in administrative interface. `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`__ +`CVE-2010-4534 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4534&cid=3>`_: Information leakage in administrative interface. `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`__ Versions affected ----------------- @@ -149,7 +149,7 @@ Versions affected December 22, 2010 - CVE-2010-4535 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2010-4535 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4535&cid=2>`_: Denial-of-service in password-reset mechanism. `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`__ +`CVE-2010-4535 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4535&cid=2>`_: Denial-of-service in password-reset mechanism. `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`__ Versions affected ----------------- @@ -160,7 +160,7 @@ Versions affected February 8, 2011 - CVE-2011-0696 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2011-0696 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0696&cid=2>`_: CSRF via forged HTTP headers. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__ +`CVE-2011-0696 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0696&cid=2>`_: CSRF via forged HTTP headers. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__ Versions affected ----------------- @@ -171,7 +171,7 @@ Versions affected February 8, 2011 - CVE-2011-0697 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2011-0697 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0697&cid=2>`_: XSS via unsanitized names of uploaded files. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__ +`CVE-2011-0697 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0697&cid=2>`_: XSS via unsanitized names of uploaded files. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__ Versions affected ----------------- @@ -182,7 +182,7 @@ Versions affected February 8, 2011 - CVE-2011-0698 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2011-0698 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0698&cid=2>`_: Directory-traversal on Windows via incorrect path-separator handling. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__ +`CVE-2011-0698 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0698&cid=2>`_: Directory-traversal on Windows via incorrect path-separator handling. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__ Versions affected ----------------- @@ -193,7 +193,7 @@ Versions affected September 9, 2011 - CVE-2011-4136 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2011-4136 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4136&cid=2>`_: Session manipulation when using memory-cache-backed session. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__ +`CVE-2011-4136 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4136&cid=2>`_: Session manipulation when using memory-cache-backed session. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__ Versions affected ----------------- @@ -204,7 +204,7 @@ Versions affected September 9, 2011 - CVE-2011-4137 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2011-4137 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4137&cid=2>`_: Denial-of-service via via ``URLField.verify_exists``. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__ +`CVE-2011-4137 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4137&cid=2>`_: Denial-of-service via via ``URLField.verify_exists``. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__ Versions affected ----------------- @@ -215,7 +215,7 @@ Versions affected September 9, 2011 - CVE-2011-4138 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2011-4138 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4138&cid=2>`_: Information leakage/arbitrary request issuance via ``URLField.verify_exists``. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__ +`CVE-2011-4138 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4138&cid=2>`_: Information leakage/arbitrary request issuance via ``URLField.verify_exists``. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__ Versions affected ----------------- @@ -226,7 +226,7 @@ Versions affected September 9, 2011 - CVE-2011-4139 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2011-4139 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4139&cid=2>`_: ``Host`` header cache poisoning. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__ +`CVE-2011-4139 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4139&cid=2>`_: ``Host`` header cache poisoning. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__ Versions affected ----------------- @@ -237,7 +237,7 @@ Versions affected September 9, 2011 - CVE-2011-4140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2011-4140 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4140&cid=2>`_: Potential CSRF via ``Host`` header. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__ +`CVE-2011-4140 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4140&cid=2>`_: Potential CSRF via ``Host`` header. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__ Versions affected ----------------- @@ -250,7 +250,7 @@ This notification was an advisory only, so no patches were issued. July 30, 2012 - CVE-2012-3442 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2012-3442 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3442&cid=2>`_: XSS via failure to validate redirect scheme. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__ +`CVE-2012-3442 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3442&cid=2>`_: XSS via failure to validate redirect scheme. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__ Versions affected ----------------- @@ -261,7 +261,7 @@ Versions affected July 30, 2012 - CVE-2012-3443 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2012-3443 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3443&cid=2>`_: Denial-of-service via compressed image files. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__ +`CVE-2012-3443 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3443&cid=2>`_: Denial-of-service via compressed image files. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__ Versions affected ----------------- @@ -272,7 +272,7 @@ Versions affected July 30, 2012 - CVE-2012-3444 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2012-3444 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3444&cid=2>`_: Denial-of-service via large image files. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__ +`CVE-2012-3444 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3444&cid=2>`_: Denial-of-service via large image files. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__ Versions affected ----------------- @@ -283,7 +283,7 @@ Versions affected October 17, 2012 - CVE-2012-4520 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2012-4520 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4520&cid=2>`_: ``Host`` header poisoning. `Full description <https://www.djangoproject.com/weblog/2012/oct/17/security/>`__ +`CVE-2012-4520 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4520&cid=2>`_: ``Host`` header poisoning. `Full description <https://www.djangoproject.com/weblog/2012/oct/17/security/>`__ Versions affected ----------------- @@ -327,7 +327,7 @@ Versions affected February 19, 2013 - CVE-2013-1664/1665 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2013-1664 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1664&cid=2>`_ and `CVE-2013-1665 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1665&cid=2>`_: Entity-based attacks against Python XML libraries. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__ +`CVE-2013-1664 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1664&cid=2>`_ and `CVE-2013-1665 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1665&cid=2>`_: Entity-based attacks against Python XML libraries. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__ Versions affected ----------------- @@ -338,7 +338,7 @@ Versions affected February 19, 2013 - CVE-2013-0305 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2013-0305 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0305&cid=2>`_: Information leakage via admin history log. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__ +`CVE-2013-0305 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0305&cid=2>`_: Information leakage via admin history log. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__ Versions affected ----------------- @@ -349,7 +349,7 @@ Versions affected February 19, 2013 - CVE-2013-0306 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2013-0306 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0306&cid=2>`_: Denial-of-service via formset ``max_num`` bypass. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__ +`CVE-2013-0306 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0306&cid=2>`_: Denial-of-service via formset ``max_num`` bypass. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__ Versions affected ----------------- @@ -360,7 +360,7 @@ Versions affected August 13, 2013 - CVE-2013-4249 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2013-4249 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4249&cid=2>`_: XSS via admin trusting ``URLField`` values. `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`__ +`CVE-2013-4249 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4249&cid=2>`_: XSS via admin trusting ``URLField`` values. `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`__ Versions affected ----------------- @@ -370,7 +370,7 @@ Versions affected August 13, 2013 - CVE-2013-6044 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2013-6044 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6044&cid=2>`_: Possible XSS via unvalidated URL redirect schemes. `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`__ +`CVE-2013-6044 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6044&cid=2>`_: Possible XSS via unvalidated URL redirect schemes. `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`__ Versions affected ----------------- @@ -381,7 +381,7 @@ Versions affected September 10, 2013 - CVE-2013-4315 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2013-4315 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4315&cid=2>`_ Directory-traversal via ``ssi`` template tag. `Full description <https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/>`__ +`CVE-2013-4315 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4315&cid=2>`_ Directory-traversal via ``ssi`` template tag. `Full description <https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/>`__ Versions affected ----------------- @@ -403,7 +403,7 @@ Versions affected April 21, 2014 - CVE-2014-0472 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2014-0472 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0472&cid=2>`_: Unexpected code execution using ``reverse()``. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__ +`CVE-2014-0472 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0472&cid=2>`_: Unexpected code execution using ``reverse()``. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__ Versions affected ----------------- @@ -416,7 +416,7 @@ Versions affected April 21, 2014 - CVE-2014-0473 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2014-0473 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0473&cid=2>`_: Caching of anonymous pages could reveal CSRF token. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__ +`CVE-2014-0473 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0473&cid=2>`_: Caching of anonymous pages could reveal CSRF token. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__ Versions affected ----------------- @@ -429,7 +429,7 @@ Versions affected April 21, 2014 - CVE-2014-0474 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2014-0474 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0474&cid=2>`_: MySQL typecasting causes unexpected query results. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__ +`CVE-2014-0474 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0474&cid=2>`_: MySQL typecasting causes unexpected query results. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__ Versions affected ----------------- @@ -442,7 +442,7 @@ Versions affected May 18, 2014 - CVE-2014-1418 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2014-1418 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1418&cid=2>`_: Caches may be allowed to store and serve private data. `Full description <https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/>`__ +`CVE-2014-1418 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1418&cid=2>`_: Caches may be allowed to store and serve private data. `Full description <https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/>`__ Versions affected ----------------- @@ -455,7 +455,7 @@ Versions affected May 18, 2014 - CVE-2014-3730 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2014-3730 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3730&cid=2>`_: Malformed URLs from user input incorrectly validated. `Full description <https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/>`__ +`CVE-2014-3730 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3730&cid=2>`_: Malformed URLs from user input incorrectly validated. `Full description <https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/>`__ Versions affected ----------------- @@ -468,7 +468,7 @@ Versions affected August 20, 2014 - CVE-2014-0480 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2014-0480 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0480&cid=2>`_: reverse() can generate URLs pointing to other hosts. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__ +`CVE-2014-0480 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0480&cid=2>`_: reverse() can generate URLs pointing to other hosts. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__ Versions affected ----------------- @@ -481,7 +481,7 @@ Versions affected August 20, 2014 - CVE-2014-0481 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2014-0481 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0481&cid=2>`_: File upload denial of service. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__ +`CVE-2014-0481 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0481&cid=2>`_: File upload denial of service. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__ Versions affected ----------------- @@ -494,7 +494,7 @@ Versions affected August 20, 2014 - CVE-2014-0482 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2014-0482 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0482&cid=2>`_: RemoteUserMiddleware session hijacking. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__ +`CVE-2014-0482 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0482&cid=2>`_: RemoteUserMiddleware session hijacking. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__ Versions affected ----------------- @@ -507,7 +507,7 @@ Versions affected August 20, 2014 - CVE-2014-0483 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2014-0483 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0483&cid=2>`_: Data leakage via querystring manipulation in admin. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__ +`CVE-2014-0483 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0483&cid=2>`_: Data leakage via querystring manipulation in admin. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__ Versions affected ----------------- @@ -520,7 +520,7 @@ Versions affected January 13, 2015 - CVE-2015-0219 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2015-0219 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0219&cid=2>`_: +`CVE-2015-0219 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0219&cid=2>`_: WSGI header spoofing via underscore/dash conflation. `Full description <https://www.djangoproject.com/weblog/2015/jan/13/security/>`__ @@ -534,7 +534,7 @@ Versions affected January 13, 2015 - CVE-2015-0220 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2015-0220 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0220&cid=2>`_: Mitigated possible XSS attack via user-supplied redirect URLs. `Full description <https://www.djangoproject.com/weblog/2015/jan/13/security/>`__ +`CVE-2015-0220 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0220&cid=2>`_: Mitigated possible XSS attack via user-supplied redirect URLs. `Full description <https://www.djangoproject.com/weblog/2015/jan/13/security/>`__ Versions affected ----------------- @@ -546,7 +546,7 @@ Versions affected January 13, 2015 - CVE-2015-0221 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2015-0221 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0221&cid=2>`_: +`CVE-2015-0221 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0221&cid=2>`_: Denial-of-service attack against ``django.views.static.serve()``. `Full description <https://www.djangoproject.com/weblog/2015/jan/13/security/>`__ @@ -560,7 +560,7 @@ Versions affected January 13, 2015 - CVE-2015-0222 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2015-0222 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0222&cid=2>`_: +`CVE-2015-0222 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0222&cid=2>`_: Database denial-of-service with ``ModelMultipleChoiceField``. `Full description <https://www.djangoproject.com/weblog/2015/jan/13/security/>`__ @@ -573,7 +573,7 @@ Versions affected March 9, 2015 - CVE-2015-2241 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2015-2241 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2241&cid=2>`_: +`CVE-2015-2241 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2241&cid=2>`_: XSS attack via properties in ``ModelAdmin.readonly_fields``. `Full description <https://www.djangoproject.com/weblog/2015/mar/09/security-releases/>`__ @@ -586,7 +586,7 @@ Versions affected March 18, 2015 - CVE-2015-2316 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2015-2316 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2316&cid=2>`_: +`CVE-2015-2316 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2316&cid=2>`_: Denial-of-service possibility with ``strip_tags()``. `Full description <https://www.djangoproject.com/weblog/2015/mar/18/security-releases/>`__ @@ -600,7 +600,7 @@ Versions affected March 18, 2015 - CVE-2015-2317 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2015-2317 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2317&cid=2>`_: +`CVE-2015-2317 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2317&cid=2>`_: Mitigated possible XSS attack via user-supplied redirect URLs. `Full description <https://www.djangoproject.com/weblog/2015/mar/18/security-releases/>`__ @@ -615,7 +615,7 @@ Versions affected May 20, 2015 - CVE-2015-3982 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2015-3982 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3982&cid=2>`_: +`CVE-2015-3982 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3982&cid=2>`_: Fixed session flushing in the cached_db backend. `Full description <https://www.djangoproject.com/weblog/2015/may/20/security-release/>`__ @@ -627,7 +627,7 @@ Versions affected July 8, 2015 - CVE-2015-5143 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2015-5143 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5143&cid=2>`_: +`CVE-2015-5143 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5143&cid=2>`_: Denial-of-service possibility by filling session store. `Full description <https://www.djangoproject.com/weblog/2015/jul/08/security-releases/>`__ @@ -641,7 +641,7 @@ Versions affected July 8, 2015 - CVE-2015-5144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2015-5144 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5144&cid=2>`_: +`CVE-2015-5144 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5144&cid=2>`_: Header injection possibility since validators accept newlines in input. `Full description <https://www.djangoproject.com/weblog/2015/jul/08/security-releases/>`__ @@ -655,7 +655,7 @@ Versions affected July 8, 2015 - CVE-2015-5145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`CVE-2015-5145 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5145&cid=2>`_: +`CVE-2015-5145 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5145&cid=2>`_: Denial-of-service possibility in URL validation. `Full description <https://www.djangoproject.com/weblog/2015/jul/08/security-releases/>`__ diff --git a/docs/topics/install.txt b/docs/topics/install.txt index 549b07ec9a..48c78c9e7c 100644 --- a/docs/topics/install.txt +++ b/docs/topics/install.txt @@ -184,10 +184,10 @@ This is the recommended way to install Django. privileges, and this will install Django in the virtualenv's ``site-packages`` directory. -.. _pip: http://www.pip-installer.org/ +.. _pip: https://pip.pypa.io/ .. _virtualenv: http://www.virtualenv.org/ .. _virtualenvwrapper: http://virtualenvwrapper.readthedocs.org/en/latest/ -.. _standalone pip installer: http://www.pip-installer.org/en/latest/installing.html#install-pip +.. _standalone pip installer: https://pip.pypa.io/en/latest/installing.html#install-pip Installing an official release manually ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/topics/python3.txt b/docs/topics/python3.txt index 9520d5c764..dfe19c0a37 100644 --- a/docs/topics/python3.txt +++ b/docs/topics/python3.txt @@ -245,7 +245,7 @@ consequence, the following pattern is sometimes necessary:: Be cautious if you have to `index bytestrings`_. -.. _index bytestrings: https://docs.python.org/3/howto/pyporting.html#indexing-bytes-objects +.. _index bytestrings: https://docs.python.org/3/howto/pyporting.html#text-versus-binary-data Exceptions ~~~~~~~~~~ diff --git a/docs/topics/security.txt b/docs/topics/security.txt index b080979812..84e60644f8 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -271,4 +271,4 @@ security protection of the Web server, operating system and other components. * It is a good idea to limit the accessibility of your caching system and database using a firewall. -.. _LimitRequestBody: http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody +.. _LimitRequestBody: http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody |
