Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.

author: Shai Berger <shai@platonix.com> 2026-04-28 11:59:06 +0300
committer: Jacob Walls <jacobtylerwalls@gmail.com> 2026-04-28 14:16:04 -0400
commit: 604695cddb41981b84a8d976d1f4c74c39e112b0 (patch)
tree: f5ca129cdfeed07ef60bf2a7a501606673f40593
parent: 5b3cfce51770f46c6dc100e9be7f199a37176762 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index c4e2c6f2c3..74a5b71d10 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -1636,6 +1636,12 @@ when using the :djadmin:`collectstatic` management command. See
     modes must be specified. If you try to use ``644``, you'll get totally
     incorrect behavior.
 
+.. admonition:: A numeric value trumps umask
+
+    When this setting has a numeric value (one you've set yourself, or the
+    default ``0o644``), this value will be used as is, and a umask will not
+    be applied to it. The umask will apply only if this setting is ``None``.
+
 .. setting:: FILE_UPLOAD_TEMP_DIR
 
 ``FILE_UPLOAD_TEMP_DIR``
author	Shai Berger <shai@platonix.com>	2026-04-28 11:59:06 +0300
committer	Jacob Walls <jacobtylerwalls@gmail.com>	2026-04-28 14:16:04 -0400
commit	604695cddb41981b84a8d976d1f4c74c39e112b0 (patch)
tree	f5ca129cdfeed07ef60bf2a7a501606673f40593
parent	5b3cfce51770f46c6dc100e9be7f199a37176762 (diff)