#24915: Stricter validation on session key
-------------------------------------+-------------------------------------
     Reporter:  erikr                |                    Owner:  sp1ky
         Type:  Cleanup/optimization |                   Status:  closed
    Component:  contrib.sessions     |                  Version:  1.8
     Severity:  Normal               |               Resolution:  fixed
     Keywords:                       |             Triage Stage:  Ready for checkin
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by erikr):

 @sp1ky: thanks for the patch. This patch might qualify under the Google
 Patch Rewards programme:
 http://www.google.com/about/appsecurity/patch-rewards/

 As the patch author, you can try to submit it. A patch only qualifies once
 it has been shipped in a release, so you will have to wait with your
 submission until 1.9 is actually released. If you do submit, I'd make sure
 to mention the blogpost about the vulnerability, as it shows this is
 actually a real potential problem that we've now, at least partially,
 tackled for the future.

--
Ticket URL: <https://code.djangoproject.com/ticket/24915#comment:6>