21cc5acead
1.11.5: Fix CVE-2018-14574: Open redirect possibility in CommonMiddleware If the CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks. CommonMiddleware now escapes leading slashes to prevent redirects to other domains. |
||
|---|---|---|
| .. | ||
| patches | ||
| ALTERNATIVES | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| MESSAGE | ||
| PLIST | ||