mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-03 10:34:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Changed severity levels to list in security policy docs.

Browse source
This commit is contained in:
shivaramkumar 2024-02-05 05:36:32 +01:00 committed by GitHub
parent e67d7d70fa
commit a47de0d6cd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 13 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

26
docs/internals/security.txt
View file

@ -84,24 +84,24 @@ upcoming security release, as well as the severity of the issues. This is to
aid organizations that need to ensure they have staff available to handle
triaging our announcement and upgrade Django as needed. Severity levels are:
**High**:
* **High**
* Remote code execution
* SQL injection
* Remote code execution
* SQL injection
**Moderate**:
* **Moderate**
* Cross site scripting (XSS)
* Cross site request forgery (CSRF)
* Denial-of-service attacks
* Broken authentication
* Cross site scripting (XSS)
* Cross site request forgery (CSRF)
* Denial-of-service attacks
* Broken authentication
**Low**:
* **Low**
* Sensitive data exposure
* Broken session management
* Unvalidated redirects/forwards
* Issues requiring an uncommon configuration option
* Sensitive data exposure
* Broken session management
* Unvalidated redirects/forwards
* Issues requiring an uncommon configuration option
Second, we notify a list of :ref:`people and organizations
<security-notifications>`, primarily composed of operating-system vendors and