Django 4.2.2.dev20230512133603 文档

Home | Table of contents | Index | Modules

« previous | up | next »

Django 1.8.14 版本发行说明

July 18, 2016

Django 1.8.14 fixes a security issue and a bug in 1.8.13.

XSS in admin's add/change related popup

Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data.

The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's also updated to use textContent.

漏洞修复

• Fixed missing varchar/text_pattern_ops index on CharField and TextField respectively when using AddField on PostgreSQL (#26889).

Last update:

5月 12, 2023

« previous | up | next »