On Mon, Dec 10, 2012 at 10:38 PM, James Bennett <ubernost...@gmail.com> wrote: > Django 1.3.5, Django 1.4.3 and Django 1.5 beta 2 have just been issued > in response to security issues. > > Details are available here: > > https://www.djangoproject.com/weblog/2012/dec/10/security/ >
Is the second part of the fix in any way optional? For instance, one of my sites is a SAML/SSO identity provider - people log into it in order to be granted access to other sites in the federation, and it is routine for the "next" parameter during authentication to refer to any site in the federation, not just the local domain. Cheers Tom -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
