Fixed #17869 - security improvement to RemoteUserMiddleware #134

Closed
wants to merge 3 commits into from

2 participants

@ghost
ghost commented Jun 8, 2012
  • (On behalf of Paul McMillan) this is a minor security fix so it should be backported to 1.4

Fixed #17869

  • RemoteUserMiddleware forces logout when REMOTE_USER header disappears during a same browser session.
  • Added a test, and documentation for the 1.4.1 release.
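
The behaviour change described above, modelled without Django as an added example (it is not code from this pull request or from Django). All names in it (`Session`, `process_request_before`, `process_request_after`, `replay`) are hypothetical, and the "before" handler is an assumption based on the PR description.

```python
# Framework-free model of the behaviour described in this pull request.
# All names are hypothetical; this is not Django's implementation.

HEADER = "REMOTE_USER"  # key the front-end web server sets after authenticating


class Session:
    """Stand-in for a server-side session tied to one browser cookie."""

    def __init__(self):
        self.user = None  # None means anonymous

    def login(self, username):
        self.user = username

    def logout(self):
        self.user = None


def process_request_before(environ, session):
    """Assumed old behaviour: a missing header is ignored, the session persists."""
    username = environ.get(HEADER)
    if username is None:
        return session.user  # still whoever logged in earlier
    if session.user != username:
        session.login(username)
    return session.user


def process_request_after(environ, session):
    """Behaviour the PR describes: a missing header ends the session."""
    username = environ.get(HEADER)
    if username is None:
        if session.user is not None:
            session.logout()  # header disappeared: force logout
        return session.user
    if session.user != username:
        session.login(username)
    return session.user


def replay(handler, requests):
    """Run constructed requests through one handler on a single session."""
    session = Session()
    return [handler(environ, session) for environ in requests]


# Constructed sample: same browser session, header present, then absent twice.
SAMPLE_REQUESTS = [{HEADER: "alice"}, {}, {}]
```

Replaying `SAMPLE_REQUESTS` through both handlers shows the difference: the first keeps `alice` authenticated after the header is gone, the second returns to anonymous on the next request.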
Sylvain Bouchard Fixed #17869 - RemoteUserMiddleware forces logout when REMOTE_USER header

disappears during a same browser session.

Added a test, and documentation for the 1.4.1 release.
8487613
@jezdez
Django member
jezdez commented Jun 8, 2012

The changelog entry needs to be in 1.5.txt, too.

Sylvain Bouc... added some commits Jun 8, 2012
Sylvain Bouchard Fixed #17869 - RemoteUserMiddleware forces logout when REMOTE_USER header

disappears during a same browser session.

Added a test, and documentation for the 1.4.1 and 1.5 releases.
9dabaaa
Sylvain Bouchard Merge branch 'master' of github.com:bouchardsyl/django 189ed20
@ghost
ghost commented Jun 8, 2012

Added changelog entry to 1.5.txt.

@chrismedrela chrismedrela commented on the diff Jun 8, 2012
docs/releases/1.5.txt
@@ -92,6 +92,9 @@ Django 1.5 also includes several smaller improvements worth noting:
* In the localflavor for Canada, "pq" was added to the acceptable codes for
Quebec. It's an old abbreviation.
+* RemoteUserMiddleware now forces logout when the REMOTE_USER header
+ disappears during a same browser session.
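Review bot: the added entry at the end of this hunk says what the middleware now does but gives a reader no way to tell that it is a security-relevant change or what was different before; a short clause noting that the session previously stayed logged in once REMOTE_USER was no longer supplied would make the upgrade impact clear. The phrase "during a same browser session" should read "during the same browser session", and RemoteUserMiddleware and REMOTE_USER would be easier to spot if marked up as inline literals.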
@chrismedrela
chrismedrela added a note Jun 8, 2012

I'm afraid "during a same" is incorrect. I think that "during the same" is the correct one.

@ghost ghost closed this Sep 9, 2012
@ghost ghost reopened this Sep 9, 2012
@ghost ghost closed this Sep 9, 2012
This issue was closed.