=========================== Django 1.8.14 release notes =========================== *July 18, 2016* Django 1.8.14 fixes a security issue and a bug in 1.8.13. XSS in admin's add/change related popup ======================================= Unsafe usage of JavaScript's ``Element.innerHTML`` could result in XSS in the admin's add/change related popup. ``Element.textContent`` is now used to prevent execution of the data. The debug view also used ``innerHTML``. Although a security issue wasn't identified there, out of an abundance of caution it's also updated to use ``textContent``. Bugfixes ======== * Fixed missing ``varchar/text_pattern_ops`` index on ``CharField`` and ``TextField`` respectively when using ``AddField`` on PostgreSQL (:ticket:`26889`).
distrib
>
Mageia
>
6
>
armv7hl
>
media
>
core-updates
>
by-pkgid
>
65530c6176058f9b54858c3b4f6385e6
>
files
>
474
