From 2111a9908fc8e3b2db26b2609a5cb11b0b1aba6e Mon Sep 17 00:00:00 2001 From: PCoder Date: Sat, 29 Feb 2020 22:16:34 +0530 Subject: [PATCH] Add comment --- notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notes.md b/notes.md index 1c89324..0feb23c 100644 --- a/notes.md +++ b/notes.md @@ -54,7 +54,7 @@ def attachment_delete(request, pk): Anyone who can login to the system, could potentially delete an attachment belonging to some other user, which may be disastrous. We could easily overcome this like the example from django-guardian above. -4. I am not sure what exact Django version the app is designed for. I am assuming some version of Django 2.x.x. based on my attempt to run the project. It would be nice to check all vulnerabilities for this specific version of Django. For example for 2.2, the known vulnerabilities in Django are: https://snyk.io/vuln/pip:Django@2.2 +4. I am not sure what exact Django version the app is designed for. I am assuming some version of Django 2.x.x. based on my attempt to run the project. It would be nice to check all vulnerabilities for this specific version of Django. For example for 2.2, the known vulnerabilities in Django are: https://snyk.io/vuln/pip:Django@2.2. I would recommend to verify that the project's code does not have any of these. ## Standard Django app deployment checks
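Review bot: The sentence added at the end of item 4, "verify that the project's code does not have any of these", is imprecise, because the linked list covers vulnerabilities in Django 2.2 itself, not in the project's code. The item also says the Django version is only an assumption, so suggest rewording it as two steps: first confirm the exact Django version the app runs, then check whether that release is affected and whether the project uses the affected features or needs to move to a patched release. The period placed directly after "https://snyk.io/vuln/pip:Django@2.2" may be picked up as part of the link by Markdown auto-linkers; wrapping the URL in angle brackets avoids that. The subject line "Add comment" does not say what changed; naming the Django vulnerability check in notes.md would make the history easier to search.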