Skip to content

[pull] main from django:main#480

Merged
pull[bot] merged 1 commit into
threatcode:mainfrom
django:main
Jul 2, 2026
Merged

[pull] main from django:main#480
pull[bot] merged 1 commit into
threatcode:mainfrom
django:main

Conversation

@pull

@pull pull Bot commented Jul 2, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

…docs.

Reworked the outdated "Preventing header injection" section:

* Added a "Safely sending email" section noting that the topic is
  relevant but beyond the scope of Django's own docs.
* Added a section on correctly formatting email addresses with a
  variable display name to avoid injection attacks.
* Updated the existing "Preventing header injection" section to note
  that Django (via Python) already prevents CRLF injection, but that
  custom email backends that bypass Django's protections may need to
  handle it.

Also added references to the new "Formatting email addresses" section
from the `ADMINS`, `DEFAULT_FROM_EMAIL`, and `SERVER_EMAIL` settings.
@pull pull Bot locked and limited conversation to collaborators Jul 2, 2026
@pull pull Bot added the ⤵️ pull label Jul 2, 2026
@pull pull Bot merged commit f3f9601 into threatcode:main Jul 2, 2026
1 of 2 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant