Monday, June 29, 2015

[ANNOUNCE] Django Security advisory: simple_tag does not do auto-escaping

The Django team has just published a short security advisory about usage of the simple_tag template tag helper. You should audit your own code.

https://www.djangoproject.com/weblog/2015/jun/29/simple_tag-security-advisory/

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/70781302-7b1f-4f83-86aa-8901c5742014%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment