[1.6.x] Fixed #21121: Added archive of security issues.

Backport of 9d3e60a, 8e134c2, 8b3bae9, c65ae7c, bbabc53, and a2e25e8 from master.
django · Sep 19, 2013 · 886e876 · 886e876
1 parent 091ae7f
commit 886e876
Show file tree

Hide file tree

Showing 4 changed files with 468 additions and 0 deletions.
diff --git a/docs/index.txt b/docs/index.txt
@@ -211,6 +211,7 @@ Security is a topic of paramount importance in the development of Web
 applications and Django provides multiple protection tools and mechanisms:
 
 * :doc:`Security overview <topics/security>`
+* :doc:`Disclosed security issues in Django <releases/security>`
 * :doc:`Clickjacking protection <ref/clickjacking>`
 * :doc:`Cross Site Request Forgery protection <ref/contrib/csrf>`
 * :doc:`Cryptographic signing <topics/signing>`

diff --git a/docs/internals/security.txt b/docs/internals/security.txt
@@ -1,3 +1,5 @@
+.. _internals-security:
+
 ==========================
 Django's security policies
 ==========================
@@ -124,6 +126,10 @@ may privately contact and discuss those issues with the appropriate
 maintainers, and coordinate our own disclosure and resolution with
 theirs.
 
+The Django team also maintains an :doc:`archive of security issues
+disclosed in Django</releases/security>`.
+
+
 .. _security-notifications:
 
 Who receives advance notification

diff --git a/docs/releases/index.txt b/docs/releases/index.txt
@@ -105,6 +105,16 @@ Pre-1.0 releases
    0.96
    0.95
 
+Security releases
+=================
+
+Whenever a security issue is disclosed via :doc:`Django's security
+policies </internals/security>`, appropriate release notes are now
+added to all affected release series.
+
+Additionally, :doc:`an archive of disclosed security issues
+</releases/security>` is maintained.
+
 Development releases
 ====================
 
@@ -115,6 +125,7 @@ notes.
 .. toctree::
    :maxdepth: 1
 
+   security
    1.5-beta-1
    1.5-alpha-1
    1.4-beta-1