The Vulnerability History Project

[1.8.x] Fixed CVE-2016-7401 -- Fixed CSRF protection bypass on a site with Google Analytics.

      This is a security fix.

Backport of "refs #26158 -- rewrote http.parse_cookie() to better match
browsers." 93a135d111c2569d88d65a3f4ad9e6d9ad291452 from master

by Leah the Coyote 2016-03-12 02:36:08 UTC

commit 6118ab7d0676f0d622278e5be215f14fb5410b6a

Django Fix CVE-2016-7401

django/http/cookie.py

+13 -16

docs/releases/1.8.15.txt

-18

docs/releases/index.txt

-1

tests/httpwrappers/tests.py

+1 -51

tests/requests/tests.py

+4 -1

expand_less