This update fixes CVE-2015-8213: Fixed settings leak possibility in date template filter, more info can be found https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
sudo dnf upgrade --refresh --advisory=FEDORA-2015-a8c8f60fbd
Please login to add feedback.
This update has been submitted for testing by mrunge.
This update has been pushed to testing.
I cannot reproduce the security flaw. I wrote a template containing only : { foo|date:bar }} and redered it with: render(request, 'test.html', {'foo':datetime.date.today(), 'bar':'"SECRET_KEY"'}) But with Django 1.8.4 and with Django 1.8.7 I get the same desired result. So no karma for the fixes but for the release.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by bodhi.
No regressions... Works for me.
This update has been pushed to stable.