
Debian: DLA-1842-1 Moderate: Python-Django HTTP Connection Issue Resolution

Debian LTS
July 1, 2019
The Django framework does not always recognize HTTP connections correctly; a fixed package has been released for Debian 8.
It was discovered that the Django Python web development framework did not correctly identify HTTP connections when a reverse proxy connected via HTTPS.

Summary

HttpRequest.scheme now respects SECURE_PROXY_SSL_HEADER, if it is
configured, and the appropriate header is set on the request, for
both HTTP and HTTPS requests.

If you deploy Django behind a reverse-proxy that forwards HTTP
requests, and that connects to Django via HTTPS, be sure to verify
that your application correctly handles code paths relying on scheme,
is_secure(), build_absolute_uri(), and SECURE_SSL_REDIRECT.

For Debian 8 "Jessie", this issue has been fixed in python-django version
1.7.11-1+deb8u6.

We recommend that you upgrade your python-django packages.


Regards,

--
,'`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-



Package: python-django
Version: 1.7.11-1+deb8u6
CVE ID: CVE-2019-12308
Debian Bug: #931316
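
The scheme decision described in the Summary, as an added example that is not part of the advisory and not Django's source code. It is a simplified model: the function names, the header setting `("HTTP_X_FORWARDED_PROTO", "https")` and the sample requests are assumptions constructed for illustration.

```python
# Simplified model of the behaviour the advisory describes (not Django's code).
# Assumed setting: the proxy reports the client's scheme in X-Forwarded-Proto.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")


def scheme_before_fix(meta, wire_scheme, setting=SECURE_PROXY_SSL_HEADER):
    """Header could only upgrade to https; otherwise the wire scheme was used."""
    if setting:
        header, secure_value = setting
        if meta.get(header) == secure_value:
            return "https"
    return wire_scheme


def scheme_after_fix(meta, wire_scheme, setting=SECURE_PROXY_SSL_HEADER):
    """If the header is present it decides the scheme, for HTTP and HTTPS alike."""
    if setting:
        header, secure_value = setting
        value = meta.get(header)
        if value is not None:
            return "https" if value == secure_value else "http"
    return wire_scheme


# Constructed cases: (description, request META, scheme of the proxy-to-Django hop)
CASES = [
    ("client HTTPS, backend HTTPS", {"HTTP_X_FORWARDED_PROTO": "https"}, "https"),
    ("client HTTP, backend HTTPS", {"HTTP_X_FORWARDED_PROTO": "http"}, "https"),
    ("client HTTP, backend HTTP", {"HTTP_X_FORWARDED_PROTO": "http"}, "http"),
    ("header not set, backend HTTPS", {}, "https"),
]


def changed_by_fix(cases=CASES):
    """Return the descriptions of cases where the two models disagree."""
    return [desc for desc, meta, wire in cases
            if scheme_before_fix(meta, wire) != scheme_after_fix(meta, wire)]


if __name__ == "__main__":
    for desc, meta, wire in CASES:
        print(f"{desc:30} before={scheme_before_fix(meta, wire):5} "
              f"after={scheme_after_fix(meta, wire)}")
    print("changed by the fix:", changed_by_fix())
```

Only the "client HTTP, backend HTTPS" case changes, which is the deployment the advisory asks you to re-check for scheme, is_secure(), build_absolute_uri() and SECURE_SSL_REDIRECT.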
