mirror of https://github.com/django/django.git synced 2025-03-22 15:20:47 +00:00

14062 Commits

Author SHA1 Message Date
Simon Charette
2a446c896e [1.5.x] Prevented data leakage in contrib.admin via query string manipulation.
This is a security fix. Disclosure following shortly.
2014-08-20 11:44:02 -04:00
Preston Holmes
dd68f319b3 [1.5.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USER change.
This is a security fix. Disclosure following shortly.
2014-08-20 11:44:02 -04:00
Tim Graham
26cd48e166 [1.5.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names.
This is a security fix. Disclosure following shortly.
2014-08-20 11:44:02 -04:00
Florian Apolloner
45ac9d4fb0 [1.5.x] Prevented reverse() from generating URLs pointing to other hosts.
This is a security fix. Disclosure following shortly.
2014-08-20 11:44:02 -04:00
Tim Graham
25d9ae5214 [1.5.x] Added release note stubs for 1.5.9 and 1.4.14. 2014-08-20 11:44:02 -04:00
Tim Graham
27ab82f7fc [1.5.x] Corrected content_type parameter name in sitemap docs.
mimetype was deprecated in 1.5 per 11ec0253ab4cc926ab9e77619132cb398231ac33.

Backport of a7443c24a3 from master
2014-08-13 21:45:36 -04:00
Tim Graham
00ec30d3c4 [1.5.x] Added a warning that remove_tags() output shouldn't be considered safe.
Backport of 7efce77de2 from master
2014-08-11 07:09:56 -04:00
Ola Sitarska
5d6e4031df [1.5.x] Fixed #23267 -- Fixed typo in Translation documentation
Thanks to Tomin1 for the report.

Backport of 2e7be92b4df29ac851d570e57da5dcf756c5ac52 from master.
2014-08-11 12:10:52 +02:00
Tim Graham
bafc7237a9 [1.5.x] Noted that django-jython requires Django 1.7.
Backport of 72e98d5c16 from stable/1.6.x
2014-08-08 12:47:54 -04:00
Mohammed Attia
50369c5295 [1.5.x] Removed a doc reference to the deprecated mimetype kwarg.
Backport of 61ed959235 from master
2014-08-06 22:21:16 -04:00
Tim Graham
e0fb48c254 [1.5.x] Fixed #23239 -- Clarified a phrase in the contrib.markup docs. 2014-08-06 08:28:51 -04:00
Erik Romijn
12ac0bb91b [1.5.x] Fixed #23149 -- Clarified note on HTTPOnly in cookie-based session docs
Backport of e26366da44bb343e7a95d01ff0dd18b8026c2802 from master.
2014-08-02 19:00:50 +02:00
Ramiro Morales
291e837bda [1.5.x] Revert "Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet."
This reverts commit 4ae68f677b3348765d8649d8b57beffa18fe8d3d.

stable/1.5.x branch is in security-fixes-only mode.
2014-07-14 21:12:40 -03:00
Tim Graham
4ae68f677b [1.5.x] Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet.
Thanks sebastien at clarisys.fr for the report and gautier
for the patch.

Backport of 5e2c4a4bd1 from master
2014-07-14 12:38:43 -03:00
Tim Graham
ddc715edd3 [1.5.x] Fixed #22966 -- Clarified which release notes appear for each doc version.
Thanks haimunt at yahoo.com for the suggestion.

Backport of e6b3d6c22f from master
2014-07-07 15:31:57 -04:00
Tim Graham
ce06ef5569 [1.5.x] Fixed #22859 -- Improved crossDomain technique in CSRF example.
Thanks flisky for the report.

Backport of 0be4d64487 from master
2014-06-18 14:38:19 -04:00
vagrant
7342784b99 [1.5.x] Fixed #22842
Backport of 7a1f8414c3b71b6af03e5be9f5f8db115551c410 from master.
2014-06-15 21:13:05 +02:00
Tim Graham
d57cf88c1e [1.5.x] Improved deprecation plan links in release notes.
Backport of 7ff326928a08d4c51141768bd305a44ca5ecb2e7 from master
2014-05-29 18:59:56 -04:00
Erik Romijn
d5ca482451 [1.5.x] Fixed #22644 -- Clarified documentation for NamedUrlWizardView
Backport of 727d048f0991ccbd1564c6fb225ffbfd2f1a2102 from master.
2014-05-17 15:18:32 +02:00
Claude Paroz
044a4fd7a8 [1.5.x] Fixed case in form widgets docs
Backport of 9494f29d from master
2014-05-16 17:43:26 -04:00
Moritz
220c09e97a [1.5.x] Fixed #22167 -- Improved documentation on context processors
Backport of e7ffba8f78849fbf60b98fb8d67ef4577b585e3b from master.
2014-05-16 18:30:23 +02:00
Tim Graham
5c65aa9243 [1.5.x] Minor edits to latest release notes.
Backport of 860d31ac7a3bdd4b27db8b34b110b3d801ddaf8a from master
2014-05-15 07:17:17 -04:00
Jacob Kaplan-Moss
4752580881 Bumped version number post release. 2014-05-14 18:31:37 +02:00
Jacob Kaplan-Moss
4e922f6084 Bumped version numbers for release. 1.5.8 2014-05-14 18:27:50 +02:00
Jacob Kaplan-Moss
ffcb009178 Added release notes for 1.4.13, 1.5.8. 2014-05-14 18:26:26 +02:00
Erik Romijn
ad32c21885 [1.5.x] Added additional checks in is_safe_url to account for flexible parsing.
This is a security fix. Disclosure following shortly.
2014-05-12 09:42:06 -04:00
Aymeric Augustin
4001ec8698 [1.5.x] Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
2014-05-12 09:41:34 -04:00
Tim Graham
41ab97b6a4 [1.5.x] Fixed #22575 -- Fixed typo in docs/topics/class-based-views/generic-editing.txt.
Thanks adminq80 at gmail.com.

Backport of 87776859af from master
2014-05-05 06:42:41 -04:00
Tim Graham
73136a887d [1.5.x] Added dates to release notes of today's release.
Backport of 68d264059abb21b96c4fe68bf4d99520268a451c from master
2014-04-28 19:07:17 -04:00
Tim Graham
ce6c665f12 [1.5.x] Post release version bump. 2014-04-28 19:01:01 -04:00
James Bennett
c47324b2de [1.5.x] Update version numbers for 1.5.7 bugfix release. 1.5.7 2014-04-28 15:34:35 -05:00
Tim Graham
47a352f84e [1.5.x] Removed bad import in last commit. 2014-04-23 09:15:41 -04:00
Tim Graham
19bd6b9477 [1.5.x] Fixed #22486 -- Restored the ability to reverse views created using functools.partial.
Regression in 8b93b31487d6d3b0fcbbd0498991ea0db9088054.

Thanks rcoup for the report.

Backport of 3c06b2f2a3 from master
2014-04-23 09:01:38 -04:00
Ray Ashman
2d450cc3e5 [1.5.x] Updated grammar in description of django.contrib.auth.
Backport of 9853779805 from master
2014-04-22 18:29:13 -04:00
Tim Graham
036b2d4f30 [1.5.x] Post release version bump. 2014-04-22 11:49:50 -04:00
James Bennett
a0f60958cf [1.5.x] Add missing disclosure information to security archive. 2014-04-21 18:28:24 -05:00
James Bennett
486b6f398b [1.5.x] Update for 1.5.6 security release. 1.5.6 2014-04-21 17:51:51 -05:00
Erik Romijn
cebfbcdb86 [1.5.x] Added information on resolved security issues to release notes.
Backport of c07f3e60c2d455e36ba4ac339d4283d32bbc3814 from master
2014-04-21 18:31:08 -04:00
Erik Romijn
985434fb1d [1.5.x] Fixed queries that may return unexpected results on MySQL due to typecasting.
This is a security fix. Disclosure will follow shortly.

Backport of 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307 from master
2014-04-21 18:31:08 -04:00
Aymeric Augustin
6872f42757 [1.5.x] Prevented leaking the CSRF token through caching.
This is a security fix. Disclosure will follow shortly.

Backport of c083e3815aec23b99833da710eea574e6f2e8566 from master
2014-04-21 18:31:05 -04:00
Tim Graham
2a5bcb69f4 [1.5.x] Fixed a remote code execution vulnerability in URL reversing.
Thanks Benjamin Bach for the report and initial patch.

This is a security fix; disclosure to follow shortly.

Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master
2014-04-21 18:30:57 -04:00
Matt Lauber
d6c685cc78 [1.5.x] Corrected the section identifier for MySQL unicode reference.
Backport of b2514c02e1 from master
2014-04-21 13:20:56 -04:00
Erik Romijn
1997421f8e [1.5.x] Fixed #22471 -- Corrected misprint in i18n docs
Backport of 54d5c37de6572eae57a66339bb38719e681cee82 from master.
2014-04-18 15:16:43 +02:00
Jordi Yeh
ec2d456df8 [1.5.x] Fixed #22457 -- Fixed contributing guide w/o github set-up
The published command was not working when the user did not have
the git client set-up with the public-key. Changed the contributing
guide to clone it from https instead.

Backport of 28102991172ab931d030412275f926c1b05c688d from master
2014-04-16 09:40:32 -04:00
Tim Graham
cbc80eef6d [1.5.x] Fixed #22392 -- Corrected deployment instructions for Apache 2.4.
Thanks zjcheah at yahoo.com for the report.

Backport of 0f37d2e4c0 from master
2014-04-15 17:46:01 -04:00
Tim Graham
5b2d17d910 [1.5.x] Fixed #22419 -- Typo in docs/topics/db/multi-db.txt.
Thanks Josh Kupershmidt.

Backport of c487b1e230 from master
2014-04-10 19:33:50 -04:00
Tim Graham
efb0c848ac [1.5.x] Updated six to 1.6.1.
Backport of 2ec82c7387db071278201796208808de84c90dbf from master
2014-03-24 07:34:37 -04:00
Claude Paroz
468d06077a [1.5.x] Clarified strip_tags documentation
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/

Partial backport (doc-only) of 6ca6c36f82 from master.
2014-03-22 11:14:15 +01:00
Dejan Noveski
b86ff4ee82 [1.5.x] Fixed #22262 -- Added the correct line in the last example of Translator lines
Backport of 958b511a80c01ac010561c8fefe4548203700fa3 from master.
2014-03-13 14:15:48 +01:00
Tim Graham
c888bee836 [1.5.x] Fixed #22062 -- Corrected static files config for Apache >= 2.4
Backport of ffa238c3f7 from master
2014-02-18 09:32:44 -05:00