Don't characterize XML vulnerabilities as DoS-only.

commit c7f80b428bc7440d61f94b8ae99c5d5959369541 1 parent 23ef6e1
Carl Meyer carljm authored
Showing with 5 additions and 6 deletions.
  1. +5 −6 docs/releases/1.5.txt
11 docs/releases/1.5.txt
@@ -631,12 +631,11 @@ databases <contrib_app_multiple_databases>` for more information.
XML deserializer will not parse documents with a DTD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-In order to prevent exposure to denial-of-service attacks related to external
-entity references and entity expansion, the XML model deserializer now refuses
-to parse XML documents containing a DTD (DOCTYPE definition). Since the XML
-serializer does not output a DTD, this will not impact typical usage, only
-cases where custom-created XML documents are passed to Django's model
-deserializer.
+In order to prevent exposure to attacks related to external entity references
+and entity expansion, the XML model deserializer now refuses to parse XML
+documents containing a DTD (DOCTYPE definition). Since the XML serializer does
+not output a DTD, this will not impact typical usage, only cases where
+custom-created XML documents are passed to Django's model deserializer.
Formsets default ``max_num``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
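Review bot: the reworded paragraph (the `+` lines starting "In order to prevent exposure to attacks related to external entity references") drops the DoS-only framing but now says only "attacks", so a reader cannot tell what impact beyond denial of service is meant. Consider naming the impact classes in a short clause, or pointing to the corresponding security release notes, so that users who pass custom-created XML to the model deserializer can judge their exposure. Separately, the text says the deserializer "refuses to parse" a document containing a DTD without saying how that refusal surfaces; stating which exception is raised would let callers handle it deliberately.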