===========================Django 1.7.11 release notes===========================*November 24, 2015*Django 1.7.11 fixes a security issue and a data loss bug in 1.7.10.Fixed settings leak possibility in ``date`` template filter===========================================================If an application allows users to specify an unvalidated format for dates andpasses this format to the :tfilter:`date` filter, e.g.``{{ last_updated|date:user_date_format }}``, then a malicious user couldobtain any secret in the application's settings by specifying a settings keyinstead of a date format. e.g. ``"SECRET_KEY"`` instead of ``"j/m/Y"``.To remedy this, the underlying function used by the ``date`` template filter,``django.utils.formats.get_format()``, now only allows accessing the date/timeformatting settings.Bugfixes========* Fixed a data loss possibility with :class:`~django.db.models.Prefetch` if``to_attr`` is set to a ``ManyToManyField`` (:ticket:`25693`).