| Age | Commit message (Collapse) | Author |
|
This follows a post from Seth Larson (Security Developer-in-Residence at the PSF):
https://sethmlarson.dev/respecting-maintainer-time-should-be-in-security-policies
|
|
RemoteUserMiddleware under ASGI.
We have a flood of nuisance security reports describing ASGI deployments
using RemoteUserMiddleware without a fronting proxy, which is not
realistic.
|
|
|
|
The `docs` GitHub action does not install `aspell` so the seplling
checks are always passing in CI. After installing it, the following
errors are reported:
WARNING: internals/security.txt:50: : Spell check: runnable: Include a runnable proof of concept.
WARNING: ref/contrib/postgres/search.txt:292: : Spell check: lexeme: an untrusted source. The content of each lexeme is escaped so that any.
WARNING: ref/contrib/postgres/search.txt:295: : Spell check: lexemes: You can combine lexemes with other lexemes using the .
WARNING: ref/contrib/postgres/search.txt:295: : Spell check: lexemes: You can combine lexemes with other lexemes using the .
WARNING: ref/contrib/postgres/search.txt:314: : Spell check: Lexeme: Lexeme objects also support term weighting and prefixes:.
WARNING: ref/models/database-functions.txt:1897: : Spell check: ai: 23ai/26ai (23.9) or later..
WARNING: ref/models/database-functions.txt:1897: : Spell check: ai: 23ai/26ai (23.9) or later..
WARNING: ref/models/expressions.txt:439: : Spell check: positionally: can be supplied positionally or only by keyword. For.
WARNING: ref/models/fields.txt:1339: : Spell check: ai: PostgreSQL < 18 only supports persisted columns. Oracle < 23ai/26ai (23.7).
WARNING: ref/models/fields.txt:1339: : Spell check: ai: PostgreSQL < 18 only supports persisted columns. Oracle < 23ai/26ai (23.7).
WARNING: ref/models/fields.txt:1344: : Spell check: ai: s was added on Oracle 23ai/26ai.
WARNING: ref/models/fields.txt:1344: : Spell check: ai: s was added on Oracle 23ai/26ai.
WARNING: releases/4.2.21.txt:24: : Spell check: unclosed: exception if it encounters an unusually large number of unclosed opening tags..
WARNING: releases/5.1.9.txt:24: : Spell check: unclosed: exception if it encounters an unusually large number of unclosed opening tags..
WARNING: releases/5.2.1.txt:24: : Spell check: unclosed: exception if it encounters an unusually large number of unclosed opening tags..
WARNING: releases/6.1.txt:244: : Spell check: mistyped: suggestions for mistyped subcommand names and argument choices..
WARNING: releases/6.1.txt:281: : Spell check: ai: Oracle 23ai/26ai (23.7+)..
WARNING: releases/6.1.txt:281: : Spell check: ai: Oracle 23ai/26ai (23.7+)..
WARNING: releases/6.1.txt:343: : Spell check: durations: durations expressed in weeks (.
WARNING: Found 19 misspelled words
build finished with problems, 20 warnings (with warnings treated as errors).
This branch adds some of the words to the allowlist, but for others I
chose to rephrase the text in a more approachable manner.
|
|
expressions.
Thanks Clifford Gama and Simon Charette for reviews.
|
|
Lines in the docs files were manually adjusted to conform to the
79 columns limit per line (plus newline), improving readability and
consistency across the content.
|
|
|
|
Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: Mike Edmunds <medmunds@gmail.com>
|
|
content via the DTL.
This also removes the need to add warnings for every Django template filter.
|
|
|
|
|
|
Co-authored-by: Shai Berger <shai@platonix.com>
|
|
Co-authored-by: Joshua Olatunji <joshua+github@etentlabs.com>
|
|
|
|
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
This change follows a long discussion on django-develops:
https://groups.google.com/g/django-developers/c/tctDuKUGosc/
|
|
|
|
involved difficulty.
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:
- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous
Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
|
|
|
|
|
|
|
|
|
|
It's moved to https://www.djangoproject.com/foundation/teams/.
|
|
Also added security release date notifications to django-announce.
|
|
|
|
|
|
|
|
|
|
Most of these changes are about using the correct vocabulary -- "core
team member" vs "core developer/committer" and adding internal links.
|
|
|
|
|
|
|
|
|
|
|
|
Added docs/internals/mailing-lists.txt documenting the use of django's
mailing lists. All references across docs changed to point to this page.
The referencing makes use of substitution because there's no way to make
a :ref: link in a non-inline fashion in Sphinx. It also makes use of
rst_epilog Sphinx conf for making this substitutions across all the
docs.
|
|
|
|
|
|
Thanks garrison for the report.
|
|
|
|
This formally describes our policies on reporting, notification and
disclosure of security issues, and provides a detailed explanation of
our full security-response process, for reference purposes.
|