diff options
author | Tim Graham <timograham@gmail.com> | 2016-09-26 18:01:19 -0400 |
---|---|---|
committer | Tim Graham <timograham@gmail.com> | 2016-09-26 18:22:19 -0400 |
commit | 48b1e9fb1746569b13f84158f98c47a557a92ec4 (patch) | |
tree | 3a6c06034042cb1431347df9385365ed73711cb7 | |
parent | 4335d121ca0a57087c988d3574205e0a3999a8df (diff) | |
download | django-48b1e9fb1746569b13f84158f98c47a557a92ec4.tar.gz |
[1.9.x] Added CVE-2016-7401 to the security release archive.
Backport of 6fe846a8f08dc959003f298b5407e321c6fe3735 from master
-rw-r--r-- | docs/releases/security.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 8a9d73de36..898b7f3c30 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -769,3 +769,15 @@ Versions affected * Django 1.9 `(patch) <https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158>`__ * Django 1.8 `(patch) <https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d>`__ + +September 26, 2016 - :cve:`2016-7401` +------------------------------------- + +CSRF protection bypass on a site with Google Analytics. `Full description +<https://www.djangoproject.com/weblog/2016/sep/26/security-releases/>`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 1.9 `(patch) <https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a>`__ +* Django 1.8 `(patch) <https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a>`__ |