[2.0.x] Added CVE-2019-3498 to the security release archive.

Backport of 162ae9c9143aa85eb27ea69b446a28973eea4854 from master.
2019-01-04 09:24:47 -05:00 · 2019-01-04 09:24:47 -05:00 · 01b7a140e8
commit 01b7a140e8
parent cf56a185dd
1 changed files with 13 additions and 0 deletions
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@ -909,3 +909,16 @@ Versions affected
 ~~~~~~~~~~~~~~~~~

 * Django 2.1 `(patch) <https://github.com/django/django/commit/c4bd5b597e0aa2432e4c867b86650f18af117851>`__
+
+January 4, 2019 - :cve:`2019-3498`
+----------------------------------
+
+Content spoofing possibility in the default 404 page. `Full description
+<https://www.djangoproject.com/weblog/2019/jan/04/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 2.1 `(patch) <https://github.com/django/django/commit/64d2396e83aedba3fcc84ca40f23fbd22f0b9b5b>`__
+* Django 2.0 `(patch) <https://github.com/django/django/commit/9f4ed7c94c62e21644ef5115e393ac426b886f2e>`__
+* Django 1.11 `(patch) <https://github.com/django/django/commit/1cd00fcf52d089ef0fe03beabd05d59df8ea052a>`__