summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/1.4-beta-1.txt7
-rw-r--r--docs/releases/1.4.txt7
2 files changed, 10 insertions, 4 deletions
diff --git a/docs/releases/1.4-beta-1.txt b/docs/releases/1.4-beta-1.txt
index c8b4536f62..092ac5bc4e 100644
--- a/docs/releases/1.4-beta-1.txt
+++ b/docs/releases/1.4-beta-1.txt
@@ -1112,8 +1112,11 @@ Session cookies now have the ``httponly`` flag by default
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Session cookies now include the ``httponly`` attribute by default to
-help reduce the impact of potential XSS attacks. For strict backwards
-compatibility, use ``SESSION_COOKIE_HTTPONLY = False`` in your settings file.
+help reduce the impact of potential XSS attacks. As a consequence of
+this change, session cookie data, including sessionid, is no longer
+accessible from Javascript in many browsers. For strict backwards
+compatibility, use ``SESSION_COOKIE_HTTPONLY = False`` in your
+settings file.
Wildcard expansion of application names in `INSTALLED_APPS`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/releases/1.4.txt b/docs/releases/1.4.txt
index cce28d8c78..de4cdadc3c 100644
--- a/docs/releases/1.4.txt
+++ b/docs/releases/1.4.txt
@@ -998,8 +998,11 @@ Session cookies now have the ``httponly`` flag by default
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Session cookies now include the ``httponly`` attribute by default to
-help reduce the impact of potential XSS attacks. For strict backwards
-compatibility, use ``SESSION_COOKIE_HTTPONLY = False`` in your settings file.
+help reduce the impact of potential XSS attacks. As a consequence of
+this change, session cookie data, including sessionid, is no longer
+accessible from Javascript in many browsers. For strict backwards
+compatibility, use ``SESSION_COOKIE_HTTPONLY = False`` in your
+settings file.
The :tfilter:`urlize` filter no longer escapes every URL
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~