#12909: Exceptions raised in response middleware don't invoke site 500/404
handlers.
-------------------------------------+--------------------------------------
          Reporter:  jhovanny        |         Owner:  nobody  
            Status:  new             |     Milestone:          
         Component:  Core framework  |       Version:  1.2-beta
        Resolution:                  |      Keywords:          
             Stage:  Accepted        |     Has_patch:  0       
        Needs_docs:  0               |   Needs_tests:  0       
Needs_better_patch:  0               |  
-------------------------------------+--------------------------------------
Changes (by russellm):

  * needs_better_patch:  => 0
  * component:  django.contrib.sessions => Core framework
  * needs_tests:  => 0
  * summary:  Session Middleware ignores DEBUG setting - Potential Security
              Issue => Exceptions raised in response
              middleware don't invoke site 500/404 handlers.
  * milestone:  1.2 =>
  * needs_docs:  => 0
  * stage:  Unreviewed => Accepted

Comment:

 Correcting the title to remove the scaremongering. This isn't even
 remotely a security issue. There is nothing private or exploitable being
 released here.

 On that note - it doesn't matter now, but *PLEASE* don't report security
 issues in Trac. [See Django's security policy
 http://docs.djangoproject.com/en/dev/internals/contributing/#id2] for
 instructions on how to report potential security problems.

 Now - back to the ticket.

 The issue here is that exceptions raised in a process_response component
 of a middleware don't invoke the 500 handling infrastructure.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/12909#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Reply via email to