| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-06-26 | Fixed missing initializations in WSGIRequest. Refs #20619 | Loic Bistuer | |
| 2013-06-01 | Fixed #18481 -- Wrapped request.FILES read error in UnreadablePostError | Claude Paroz | |
| Thanks KyleMac for the report, André Cruz for the initial patch and Hiroki Kiyohara for the tests. | |||
| 2013-05-25 | Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. | Preston Holmes | |
| SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review. | |||
| 2013-04-03 | Fixed #20038 -- Better error message for host validation. | Baptiste Mispelon | |
| 2013-03-10 | Fixed #20019 -- Ensured HttpRequest.resolver_match always exists. | Aymeric Augustin | |
| Obviously it isn't set until the URL is resolved. | |||
| 2013-02-19 | Added a new required ALLOWED_HOSTS setting for HTTP host header validation. | Carl Meyer | |
| This is a security fix; disclosure and advisory coming shortly. | |||
| 2012-12-29 | Removed HttpRequest.raw_post_data. | Aymeric Augustin | |
| 2012-12-10 | Fixed a security issue in get_host. | Florian Apolloner | |
| Full disclosure and new release forthcoming. | |||
| 2012-11-03 | Fixed #19101 -- Decoding of non-ASCII POST data on Python 3. | Aymeric Augustin | |
| Thanks Claude Paroz. | |||
| 2012-10-21 | Cleaned up the the http module. Moved all of the code from __init__.py to ↵ | Alex Gaynor | |
| request.py, response.py and utils.py | |||
