Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-08-04 02:48:35 +00:00 · 2011-09-10 00:47:00 +00:00 · 2011-09-10 00:47:00 +00:00 · 5f287f75f2
commit 5f287f75f2
parent 33076af6f2
11 changed files with 107 additions and 43 deletions
--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@ -115,6 +115,11 @@ their deprecation, as per the :ref:`deprecation policy
      beyond that of a simple ``TextField`` since the removal of oldforms.
      All uses of ``XMLField`` can be replaced with ``TextField``.

+    * ``django.db.models.fields.URLField.verify_exists`` has been
+      deprecated due to intractable security and performance
+      issues. Validation behavior has been removed in 1.4, and the
+      argument will be removed in 1.5.
+
 1.5
 ---