pkgsrc/www/py-django
wen f3b2fc9394 Update to 1.9.10(security update)
Upstream changes:
Django 1.9.10 release notes

September 26, 2016

Django 1.9.10 fixes a security issue in 1.9.9.
CSRF protection bypass on a site with Google Analytics

An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection.

The parser for request.COOKIES is simplified to better match the behavior of browsers and to mitigate this attack. request.COOKIES may now contain cookies that are invalid according to RFC 6265 but are possible to set via document.cookie.
2016-10-21 02:19:46 +00:00
..
ALTERNATIVES
DESCR
distinfo Update to 1.9.10(security update) 2016-10-21 02:19:46 +00:00
Makefile Update to 1.9.10(security update) 2016-10-21 02:19:46 +00:00
MESSAGE
PLIST Django 1.9.8 fixes a security issue and several bugs in 1.9.7. 2016-07-19 07:32:42 +00:00