The Vulnerability History Project

[1.9.x] Fixed CVE-2016-7401 -- Fixed CSRF protection bypass on a site with Google Analytics.

      This is a security fix.

Backport of "refs #26158 -- rewrote http.parse_cookie() to better match
browsers." 93a135d111c2569d88d65a3f4ad9e6d9ad291452 from master

by Leah the Coyote 2016-03-12 02:36:08 UTC

commit d1bc980db1c0fffd6d60677e62f70beadb9fe64a

Django Fix CVE-2016-7401

django/http/cookie.py

+13 -16

docs/releases/1.8.15.txt

-18

docs/releases/1.9.10.txt

-18

docs/releases/index.txt

-2

tests/httpwrappers/tests.py

+1 -51

tests/requests/tests.py

expand_less