Django 1.8.14 release notes¶
July 18, 2016
Django 1.8.14 fixes a security issue and a bug in 1.8.13.
Bugfixes¶
Fixed missing
varchar/text_pattern_ops
index onCharField
andTextField
respectively when usingAddField
on PostgreSQL (#26889).
Please take a few minutes to complete the
2024 Django Developers Survey.
Your feedback will help guide future efforts.
July 18, 2016
Django 1.8.14 fixes a security issue and a bug in 1.8.13.
Unsafe usage of JavaScript’s Element.innerHTML
could result in XSS in the
admin’s add/change related popup. Element.textContent
is now used to
prevent execution of the data.
The debug view also used innerHTML
. Although a security issue wasn’t
identified there, out of an abundance of caution it’s also updated to use
textContent
.
Fixed missing varchar/text_pattern_ops
index on CharField
and
TextField
respectively when using AddField
on PostgreSQL
(#26889).
Offline (Django 4.2):
HTML |
PDF |
ePub
Provided by Read the Docs.
© 2005-2024 Django Software Foundation and individual contributors. Django is a registered trademark of the Django Software Foundation.