#15821: Django 1.3 release notes links to wrong "security issues" page
---------------------------+------------------------------
Reporter: semenov | Owner: nobody
Type: Uncategorized | Status: new
Milestone: | Component: Uncategorized
Version: 1.2 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 |
---------------------------+------------------------------
In [[http://docs.djangoproject.com/en/dev/releases/1.3/#backwards-
incompatible-changes-1-3|Django 1.3 release notes]], it says: "Prior to
Django 1.2.5, the Django administrative interface allowed filtering on any
model field or relation -- not just those specified in list_filter -- via
query string manipulation. Due to
[[http://www.djangoproject.com/weblog/2011/feb/08/security/|security
issues]] reported to us, however, query string lookup arguments in the
admin must be for fields or relations specified in list_filter or
date_hierarchy."
However, the linked "security issues" page doesn't mention anything about
the admin area and list_filter. The link should either be fixed, or
removed.
--
Ticket URL: <http://code.djangoproject.com/ticket/15821>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
