path: root/docs/releases/2.0.10.txt
Diffstat (limited to 'docs/releases/2.0.10.txt')
-rw-r--r-- docs/releases/2.0.10.txt 15
1 files changed, 13 insertions, 2 deletions
diff --git a/docs/releases/2.0.10.txt b/docs/releases/2.0.10.txt
index 18901490e0..8b0bf3a2a2 100644
--- a/docs/releases/2.0.10.txt
+++ b/docs/releases/2.0.10.txt
@@ -2,9 +2,20 @@
Django 2.0.10 release notes
===========================
-*Release date TBD*
+*January 4, 2019*
-Django 2.0.10 fixes several bugs in 2.0.9.
+Django 2.0.10 fixes a security issue and several bugs in 2.0.9.
+
+CVE-2019-3498: Content spoofing possibility in the default 404 page
+-------------------------------------------------------------------
+
+An attacker could craft a malicious URL that could make spoofed content appear
+on the default page generated by the ``django.views.defaults.page_not_found()``
+view.
+
+The URL path is no longer displayed in the default 404 template and the
+``request_path`` context variable is now quoted to fix the issue for custom
+templates that use the path.
Bugfixes
========
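Review bot: In the second added paragraph, "the ``request_path`` context variable is now quoted" does not say which kind of quoting is meant (URL percent-encoding or HTML escaping), so maintainers of custom 404 templates cannot tell from the note how the value they render will change. Suggest naming the quoting explicitly and adding one sentence on whether a custom template that outputs ``request_path`` needs any change after upgrading. The first paragraph would also be clearer if it said that the spoofed content originates from the URL path being shown on the page, which at present is only implied by the description of the fix.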