Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-08-04 10:59:45 +00:00 · 2011-09-10 00:47:00 +00:00 · 2011-09-10 00:47:00 +00:00 · 5f287f75f2
commit 5f287f75f2
parent 33076af6f2
11 changed files with 107 additions and 43 deletions
--- a/docs/releases/1.4.txt
+++ b/docs/releases/1.4.txt
@ -519,6 +519,14 @@ This was an alias to ``django.template.loader`` since 2005, it has been removed
 without emitting a warning due to the length of the deprecation. If your code
 still referenced this please use ``django.template.loader`` instead.

+``django.db.models.fields.URLField.verify_exists``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This functionality has been removed due to intractable performance and
+security issues. Any existing usage of ``verify_exists`` should be
+removed.
+
+
 .. _deprecated-features-1.4:

 Features deprecated in 1.4