author: Carl Meyer <carl@oddbird.net> 2013-02-19 18:20:08 -0700
committer: Carl Meyer <carl@oddbird.net> 2013-02-19 18:20:08 -0700
commit: c7f80b428bc7440d61f94b8ae99c5d5959369541
tree: c25308402538b9de9ebce19ab2a220f89d0b9d2c
parent: 23ef6e1baf29d0390d5b94de0441e19f722d3aab
Don't characterize XML vulnerabilities as DoS-only.
-rw-r--r-- docs/releases/1.5.txt 11
1 files changed, 5 insertions, 6 deletions
diff --git a/docs/releases/1.5.txt b/docs/releases/1.5.txt
index 73986d226f..c965af4228 100644
--- a/docs/releases/1.5.txt
+++ b/docs/releases/1.5.txt
@@ -631,12 +631,11 @@ databases <contrib_app_multiple_databases>` for more information.
XML deserializer will not parse documents with a DTD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-In order to prevent exposure to denial-of-service attacks related to external
-entity references and entity expansion, the XML model deserializer now refuses
-to parse XML documents containing a DTD (DOCTYPE definition). Since the XML
-serializer does not output a DTD, this will not impact typical usage, only
-cases where custom-created XML documents are passed to Django's model
-deserializer.
+In order to prevent exposure to attacks related to external entity references
+and entity expansion, the XML model deserializer now refuses to parse XML
+documents containing a DTD (DOCTYPE definition). Since the XML serializer does
+not output a DTD, this will not impact typical usage, only cases where
+custom-created XML documents are passed to Django's model deserializer.
Formsets default ``max_num``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
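Review bot: In the rewritten paragraph, "attacks related to external entity references and entity expansion" drops the denial-of-service qualifier but does not say what else is at risk, so the release note alone does not tell a reader why the impact is broader than DoS. Consider naming the additional class of impact in a few words or linking to the corresponding security release notes. The paragraph also says the deserializer "refuses to parse" documents containing a DTD without stating which error is raised; adding that would help users who pass custom-created XML know what to handle.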