Fixed #17869 - security improvement to RemoteUserMiddleware #134

Closed
wants to merge 3 commits into
from


@ghost
  • (On behalf of Paul McMillan) this is a minor security fix so it should be backported to 1.4

Fixed #17869

  • RemoteUserMiddleware forces logout when REMOTE_USER header disappears during a same browser session.
  • Added a test, and documentation for the 1.4.1 release.
Sylvain Bouchard Fixed #17869 - RemoteUserMiddleware forces logout when REMOTE_USER header
disappears during a same browser session.

Added a test, and documentation for the 1.4.1 release.
8487613
@jezdez
Django member

The changelog entry needs to be in 1.5.txt, too.

Sylvain Bouc... added some commits Jun 8, 2012
Sylvain Bouchard Fixed #17869 - RemoteUserMiddleware forces logout when REMOTE_USER header
disappears during a same browser session.

Added a test, and documentation for the 1.4.1 and 1.5 releases.
9dabaaa
Sylvain Bouchard Merge branch 'master' of github.com:bouchardsyl/django 189ed20
@ghost

Added changelog entry to 1.5.txt.

@chrismedrela chrismedrela commented on the diff Jun 8, 2012
docs/releases/1.5.txt
@@ -92,6 +92,9 @@ Django 1.5 also includes several smaller improvements worth noting:
* In the localflavor for Canada, "pq" was added to the acceptable codes for
Quebec. It's an old abbreviation.
+* RemoteUserMiddleware now forces logout when the REMOTE_USER header
+ disappears during a same browser session.
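Review bot: On the two added lines, "during a same browser session" is ungrammatical and should read "during the same browser session". The entry also gives the new behaviour without saying what it replaces: consider adding that a session which previously stayed authenticated after REMOTE_USER went missing is now ended, so that people upgrading know to expect the logout.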
@chrismedrela
chrismedrela Jun 8, 2012

I'm afraid "during a same" is incorrect. I think that "during the same" is the correct one.

@ghost ghost closed this Sep 9, 2012
@ghost ghost reopened this Sep 9, 2012
@ghost ghost closed this Sep 9, 2012
This issue was closed.
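The behaviour described in this pull request, modelled without Django as an added example (not code from the pull request or from Django itself). The `Request` class, the session layout, the two middleware functions and the sample traffic are assumptions made for the illustration.

```python
# Added illustration: framework-free model of the check, not Django's source.
from dataclasses import dataclass, field

HEADER = "REMOTE_USER"  # environ key set by the front-end web server


@dataclass
class Request:
    """Minimal stand-in for a request: WSGI-style environ plus a session."""
    environ: dict
    session: dict = field(default_factory=dict)


def legacy_middleware(request):
    """Before the fix: a missing header is ignored, so a session that was
    opened earlier stays authenticated as the earlier user."""
    username = request.environ.get(HEADER)
    if username is None:
        return request.session.get("user")
    request.session["user"] = username
    return username


def fixed_middleware(request):
    """After the fix: header gone while the session is authenticated
    means the session is ended."""
    username = request.environ.get(HEADER)
    if username is None:
        if "user" in request.session:
            request.session.clear()  # force logout, drop all session state
        return None
    if request.session.get("user") != username:
        request.session.clear()      # identity changed: start from a clean session
    request.session["user"] = username
    return username


def replay(middleware, environs):
    """Run a sequence of requests that share one browser session."""
    session = {}
    return [middleware(Request(env, session)) for env in environs]


# Constructed traffic: the header is present, disappears, comes back for
# another user, then disappears again, all within one browser session.
SAMPLE = [{"REMOTE_USER": "alice"}, {}, {"REMOTE_USER": "bob"}, {}]
```

`replay(legacy_middleware, SAMPLE)` and `replay(fixed_middleware, SAMPLE)` return the user each request is treated as, which makes the difference on the header-less requests visible side by side.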