From 39ca11c6626aa08095af2604a8d4b708e493514c Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Wed, 15 Jan 2014 14:43:34 +0000
Subject: Latest docs build

---
 topics/release-notes.html | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'topics')

diff --git a/topics/release-notes.html b/topics/release-notes.html
index e6797a76..91ed440e 100644
--- a/topics/release-notes.html
+++ b/topics/release-notes.html
@@ -225,6 +225,12 @@
 </code></pre>
 <hr />
 <h2 id="23x-series">2.3.x series</h2>
+<h3 id="2312">2.3.12</h3>
+<p><strong>Date</strong>: 15th January 2014</p>
+<ul>
+<li><strong>Security fix</strong>: <code>OrderingField</code> now only allows ordering on readable serializer fields, or on fields explicitly specified using <code>ordering_fields</code>. This prevents users being able to order by fields that are not visible in the API, and exploiting the ordering of sensitive data such as password hashes.</li>
+<li>Bugfix: <code>write_only = True</code> fields now display in the browsable API.</li>
+</ul>
 <h3 id="2311">2.3.11</h3>
 <p><strong>Date</strong>: 14th January 2014</p>
 <ul>
-- 
cgit v1.2.3