#28155: Security system checks do not ignore MIDDLEWARE_CLASSES when MIDDLEWARE
is
defined
--------------------------------------+------------------------------------
Reporter: Pritam Baral | Owner: nobody
Type: Bug | Status: closed
Component: Core (System checks) | Version: 1.10
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by Simon Charette):
* status: new => closed
* version: 1.11 => 1.10
* resolution: => wontfix
* stage: Unreviewed => Accepted
Comment:
Thank you for taking the time to report this issue but I'll mark this
ticket as ''wontfix'' for the following reasons.
The bug has been present since 1.10's introduction of
`settings.MIDDLEWARE` and at this point the 1.10 branch only receives
security fixes, 1.11 only fixes for major functionality bugs in new
features of the latest stable release and the master branch removed all
references to `settings.MIDDLEWARE_CLASSES`.
Since this bug can be easily worked around by silencing `1_10.W001` and
that disabling CSRF protection is uncommon and discouraged I don't think
it warrants a backport to 1.11.
--
Ticket URL: <https://code.djangoproject.com/ticket/28155#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/069.2046cd7f47a791eacc60219725d42884%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
