diff --git a/docs/index.txt b/docs/index.txt index 6812d73206d25..3508b17669814 100644 --- a/docs/index.txt +++ b/docs/index.txt @@ -215,6 +215,7 @@ Security is a topic of paramount importance in the development of Web applications and Django provides multiple protection tools and mechanisms: * :doc:`Security overview ` +* :doc:`Disclosed security issues in Django ` * :doc:`Clickjacking protection ` * :doc:`Cross Site Request Forgery protection ` * :doc:`Cryptographic signing ` diff --git a/docs/internals/security.txt b/docs/internals/security.txt index 7451dbdca40a4..e6394ae161598 100644 --- a/docs/internals/security.txt +++ b/docs/internals/security.txt @@ -128,8 +128,8 @@ may privately contact and discuss those issues with the appropriate maintainers, and coordinate our own disclosure and resolution with theirs. -The Django team also maintains an :ref:`archive of security issues -disclosed in Django `. +The Django team also maintains an :doc:`archive of security issues +disclosed in Django`. .. _security-notifications: diff --git a/docs/releases/index.txt b/docs/releases/index.txt index 33dc780cace16..a0fe22e9bba5f 100644 --- a/docs/releases/index.txt +++ b/docs/releases/index.txt @@ -115,12 +115,12 @@ Pre-1.0 releases Security releases ================= -Whenever a security issue is disclosed via :ref:`Django's security -policies `, appropriate release notes are now +Whenever a security issue is disclosed via :doc:`Django's security +policies `, appropriate release notes are now added to all affected release series. -Additionally, :ref:`an archive of disclosed security issues -` is maintained. +Additionally, :doc:`an archive of disclosed security issues +` is maintained. Development releases ==================== @@ -132,6 +132,7 @@ notes. .. toctree:: :maxdepth: 1 + security 1.5-beta-1 1.5-alpha-1 1.4-beta-1 diff --git a/docs/releases/security.txt b/docs/releases/security.txt index edeea67b2addd..635e51efe830f 100644 --- a/docs/releases/security.txt 
+++ b/docs/releases/security.txt @@ -6,7 +6,7 @@ Archive of security issues Django's development team is strongly committed to responsible reporting and disclosure of security-related issues, as outlined in -:ref:`Django's security policies `. +:doc:`Django's security policies `. As part of that commitment, we maintain the following historical list of issues which have been fixed and disclosed. For each issue, the @@ -54,9 +54,9 @@ August 16, 2006 * Django 0.91 -* `Full description `_ +* `Full description `__ -* Patch: `unified 0.90/0.91 `_ +* Patch: `unified 0.90/0.91 `__ January 21, 2007 @@ -64,7 +64,7 @@ January 21, 2007 * **Issues:** - * Patch CVE-2007-0404 for Django 0.95 + * Patch `CVE-2007-0404`_ for Django 0.95 * Apparent "caching" of authenticated user: `CVE-2007-0405 `_ @@ -72,13 +72,13 @@ January 21, 2007 * Django 0.95 -* `Full description `_ +* `Full description `__ * **Patches:** - * `2006-08-26 issue `_ + * `2006-08-26 issue `__ - * `User caching issue `_ + * `User caching issue `__ @@ -104,15 +104,15 @@ October 26, 2007 * Django 0.96 -* `Full description `_ +* `Full description `__ * **Patches:** - * `0.91 `_ + * `0.91 `__ - * `0.95 `_ + * `0.95 `__ - * `0.96 `_ + * `0.96 `__ May 14, 2008 @@ -130,15 +130,15 @@ May 14, 2008 * Django 0.96 -* `Full description `_ +* `Full description `__ * **Patches:** - * `0.91 `_ + * `0.91 `__ - * `0.95 `_ + * `0.95 `__ - * `0.96 `_ + * `0.96 `__ September 2, 2008 @@ -156,15 +156,15 @@ September 2, 2008 * Django 0.96 -* `Full description `_ +* `Full description `__ * **Patches:** - * `0.91 `_ + * `0.91 `__ - * `0.95 `_ + * `0.95 `__ - * `0.96 `_ + * `0.96 `__ July 28, 2009 @@ -180,13 +180,13 @@ July 28, 2009 * Django 1.0 -* `Full description `_ +* `Full description `__ * **Patches:** - * `0.96 `_ + * `0.96 `__ - * `1.0 `_ + * `1.0 `__ October 9, 2009 
@@ -202,13 +202,13 @@ October 9, 2009 * Django 1.1 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.0 `_ + * `1.0 `__ - * `1.1 `_ + * `1.1 `__ September 8, 2010 @@ -222,11 +222,11 @@ September 8, 2010 * Django 1.2 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.2 `_ + * `1.2 `__ December 22, 2010 @@ -244,17 +244,17 @@ December 22, 2010 * Django 1.2 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.1 CVE-2010-4534 `_ + * `1.1 CVE-2010-4534 `__ - * `1.1 CVE-2010-4535 `_ + * `1.1 CVE-2010-4535 `__ - * `1.2 CVE-2010-4534 `_ + * `1.2 CVE-2010-4534 `__ - * `1.2 CVE-2010-4535 `_ + * `1.2 CVE-2010-4535 `__ February 8, 2011 @@ -274,21 +274,21 @@ February 8, 2011 * Django 1.2 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.1 CVE-2010-0696 `_ + * `1.1 CVE-2010-0696 `__ - * `1.1 CVE-2010-0697 `_ + * `1.1 CVE-2010-0697 `__ - * `1.1 CVE-2010-0698 `_ + * `1.1 CVE-2010-0698 `__ - * `1.2 CVE-2010-0696 `_ + * `1.2 CVE-2010-0696 `__ - * `1.2 CVE-2010-0697 `_ + * `1.2 CVE-2010-0697 `__ - * `1.2 CVE-2010-0698 `_ + * `1.2 CVE-2010-0698 `__ September 9, 2011 @@ -314,21 +314,21 @@ September 9, 2011 * Django 1.3 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.2 CVE-2011-4136 `_ + * `1.2 CVE-2011-4136 `__ - * `1.2 CVE-2011-4137 and CVE-2011-4138 `_ + * `1.2 CVE-2011-4137 and CVE-2011-4138 `__ - * `1.2 CVE-2011-4139 `_ + * `1.2 CVE-2011-4139 `__ - * `1.3 CVE-2011-4136 `_ + * `1.3 CVE-2011-4136 `__ - * `1.3 CVE-2011-4137 and CVE-2011-4138 `_ + * `1.3 CVE-2011-4137 and CVE-2011-4138 `__ - * `1.3 CVE-2011-4139 `_ + * `1.3 CVE-2011-4139 `__ July 30, 2012 
@@ -348,21 +348,21 @@ July 30, 2012 * Django 1.4 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.3 CVE-2012-3442 `_ + * `1.3 CVE-2012-3442 `__ - * `1.3 CVE-2012-3443 `_ + * `1.3 CVE-2012-3443 `__ - * `1.3 CVE-2012-3444 `_ + * `1.3 CVE-2012-3444 `__ - * `1.4 CVE-2012-3442 `_ + * `1.4 CVE-2012-3442 `__ - * `1.4 CVE-2012-3443 `_ + * `1.4 CVE-2012-3443 `__ - * `1.4 CVE-2012-3444 `_ + * `1.4 CVE-2012-3444 `__ October 17, 2012 @@ -378,13 +378,13 @@ October 17, 2012 * Django 1.4 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.3 `_ + * `1.3 `__ - * `1.4 `_ + * `1.4 `__ December 10, 2012 @@ -402,17 +402,17 @@ December 10, 2012 * Django 1.4 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.3 Host hardening `_ + * `1.3 Host hardening `__ - * `1.3 redirect hardening `_ + * `1.3 redirect hardening `__ - * `1.4 Host hardening `_ + * `1.4 Host hardening `__ - * `1.4 redirect hardning `_ + * `1.4 redirect hardning `__ February 19, 2013 @@ -434,25 +434,25 @@ February 19, 2013 * Django 1.4 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.3 Host hardening `_ + * `1.3 Host hardening `__ - * `1.3 XML attacks `_ + * `1.3 XML attacks `__ - * `1.3 CVE-2013-0305 `_ + * `1.3 CVE-2013-0305 `__ - * `1.3 CVE-2013-0306 `_ + * `1.3 CVE-2013-0306 `__ - * `1.4 Host hardening `_ + * `1.4 Host hardening `__ - * `1.4 XML attacks `_ + * `1.4 XML attacks `__ - * `1.4 CVE-2013-0305 `_ + * `1.4 CVE-2013-0305 `__ - * `1.4 CVE-2013-0306 `_ + * `1.4 CVE-2013-0306 `__ August 13, 2013 @@ -470,15 +470,15 @@ August 13, 2013 * Django 1.5 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.4 redirect validation `_ + * `1.4 redirect validation `__ - * `1.5 URLField trusting `_ + * `1.5 URLField trusting `__ - * `1.5 redirect validation `_ + * `1.5 redirect validation `__ September 10, 2013 
@@ -494,13 +494,13 @@ September 10, 2013 * Django 1.5 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.4 CVE-2013-4315 `_ + * `1.4 CVE-2013-4315 `__ - * `1.5 CVE-2013-4315 `_ + * `1.5 CVE-2013-4315 `__ September 14, 2013 @@ -516,12 +516,12 @@ September 14, 2013 * Django 1.5 -* `Full description `_ +* `Full description `__ * **Patches:** - * `1.4 CVE-2013-1443 `_ and `Python compatibility fix `_ + * `1.4 CVE-2013-1443 `__ and `Python compatibility fix `__ + + * `1.5 CVE-2013-1443 `__ - * `1.5 CVE-2013-1443 `_ -
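Review bot: In the docs/internals/security.txt hunk (@@ -128,8 +128,8 @@), the new `:doc:` reference closes right after "disclosed in Django" with no space before the closing backtick, unlike the other converted references in this patch, such as "policies `, appropriate release notes". If an explicit target follows the title there, separate it from the title with a space for consistency with the other hunks. If no target is present, Sphinx will treat the whole title text as the document path and the link will not resolve, so check this reference in a docs build.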
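Review bot: In docs/releases/index.txt, the second hunk (@@ -132,6 +132,7 @@) places the new `security` entry at the top of the toctree under the "Development releases" heading, ahead of `1.5-beta-1`, so the archive will be listed as if it were a development release. Consider giving it its own toctree directly under the "Security releases" section edited in the previous hunk, so the rendered index groups the archive with the paragraph that links to it.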
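Review bot: In docs/releases/security.txt, the January 21, 2007 hunk (@@ -64,7 +64,7 @@) turns plain text into a named reference, `CVE-2007-0404`_, which resolves only if a target with exactly that name is defined elsewhere in the file, and none of the hunks shown here adds one. Please confirm the docs build without an unknown-target warning, or use the embedded-URL form that the neighbouring `CVE-2007-0405` line uses. A short comment pointing at the entry that defines the target would also help, because renaming that link text later would silently break this reference.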
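Review bot: In docs/releases/security.txt, the December 10, 2012 hunk (@@ -402,17 +402,17 @@) carries the misspelling "hardning" over from the removed line into the added one (`1.4 redirect hardning`). Since the line is being rewritten anyway, correct it to "hardening" so it matches the `1.3 redirect hardening` entry just above it.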