Django 1.11.18 release notes¶

January 4, 2019

Django 1.11.18 fixes a security issue in 1.11.17.

CVE-2019-3498: Content spoofing possibility in the default 404 page¶

An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found() view.

The URL path is no longer displayed in the default 404 template and the request_path context variable is now quoted to fix the issue for custom templates that use the path.

Django 1.11.19 release notes

Django 1.11.17 release notes

Django 1.11.18 release notes
- CVE-2019-3498: Content spoofing possibility in the default 404 page

Browse

FAQ: Try the FAQ — it's got answers to many common questions.
Index, Module Index, or Table of Contents: Handy when looking for specific information.
django-users mailing list: Search for information in the archives of the django-users mailing list, or post a question.
#django IRC channel: Ask a question in the #django IRC channel, or search the IRC logs to see if it’s been asked before.
Django Discord Server: Join the Django Discord Community.
Official Django Forum: Join the community on the Django Forum.
Ticket tracker: Report bugs with Django or Django documentation in our ticket tracker.

Download:

Offline (Django 2.1): HTML | PDF | ePub
Provided by Read the Docs.

Documentation

Django 1.11.18 release notes¶

CVE-2019-3498: Content spoofing possibility in the default 404 page¶

Additional Information

Support Django!

Contents

Browse

You are here:

Getting help

Download:

Django Links

Learn More

Get Involved

Get Help

Follow Us

Support Us