Note di rilascio di Django 1.11.15

1 Agosto 2018

Django 1.11.15 risolve un problema di sicurezza in 1.11.14.

CVE-2018-14574: Aperta la possibilità di reindirizzamenti in CommonMiddleware

If the CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks.

CommonMiddleware now escapes leading slashes to prevent redirects to other domains.