Tim Graham
0cb6a85f5e
Added yesterday's security issue to archive.
2015-03-10 11:01:18 -04:00
Tim Graham
ea9157f681
Added stub release notes for 1.7.7.
2015-03-09 13:09:39 -04:00
Baptiste Mispelon
82c9169077
Refs #24461 -- Added test/release notes for XSS issue in ModelAdmin.readonly_fields
...
This issue was fixed by refs #24464 .
2015-03-09 10:12:21 -04:00
Tim Graham
300fdbbebb
Clarified an item in 1.7.6 release notes.
2015-03-09 10:06:18 -04:00
Erik Romijn
fa350e2f30
Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.
...
This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.
Thanks Markus Holtermann for help with tests and docs.
2015-03-09 09:29:58 -04:00
Tim Graham
9eab328444
Forwardported 1.7.6 release note.
2015-03-07 08:12:44 -05:00
Jean-Louis Fuchs
f4f0060fea
Fixed #24447 -- Made migrations add FK constraints for existing columns
...
When altering from e.g. an IntegerField to a ForeignKey, Django didn't
add a constraint.
2015-03-07 14:09:56 +01:00
Tim Graham
c36b60836b
Fixed #24451 -- Deprecated comma-separated {% cycle %} syntax.
2015-03-07 07:42:39 -05:00
Grzegorz Slusarek
668d53cd12
Fixed #21495 -- Added settings.CSRF_HEADER_NAME
2015-03-05 15:03:40 -05:00
Tim Graham
d61ebc8fed
Fixed #19538 -- Removed window.__admin_media_prefix__ from admin templates.
2015-03-05 06:44:16 -05:00
Preston Timmons
70123cf084
Fixed #24399 -- Made filesystem loaders use more specific exceptions.
2015-03-03 21:20:46 +01:00
Tim Graham
71820721a1
Added stub release notes for 1.7.6.
2015-02-25 09:11:19 -05:00
Tim Graham
aca73737da
Added release date for 1.7.5 release.
2015-02-25 08:47:11 -05:00
Tim Graham
d298b1ba50
Reverted "Fixed #24325 -- Documented change in ModelForm.save() foreign key access."
...
This reverts commit 0af3822dc3
.
It's obsoleted by refs #24395 .
2015-02-24 11:50:21 -05:00
Kenneth Kam
e83aba0e2c
Fixed #23762 -- clarified CACHE_MIDDLEWARE_ANONYMOUS_ONLY deprecation in docs
2015-02-23 09:23:07 -05:00
Emin Mastizada
dda2a3cf4c
Added formats for the Azerbaijani locale.
2015-02-23 07:37:13 -05:00
Michael Manfre
7fa7dd48c4
Fixed signature of BaseDatabaseOperations.date_interval_sql() and document the change.
2015-02-22 23:23:16 -05:00
Sean Wang
eba6dff581
Fixed #24358 -- Corrected code-block directives for console sessions.
2015-02-22 09:35:39 -05:00
Loic Bistuer
bed504d70b
Fixed #24351 , #24346 -- Changed the signature of allow_migrate().
...
The new signature enables better support for routing RunPython and
RunSQL operations, especially w.r.t. reusable and third-party apps.
This commit also takes advantage of the deprecation cycle for the old
signature to remove the backward incompatibility introduced in #22583 ;
RunPython and RunSQL won't call allow_migrate() when when the router
has the old signature.
Thanks Aymeric Augustin and Tim Graham for helping shape up the patch.
Refs 22583.
2015-02-20 21:34:09 +07:00
Tim Graham
dd0b487872
Fixed typo in path to is_safe_url()
2015-02-20 09:21:39 -05:00
Tim Graham
3adc5f1ee6
Fixed #24335 -- Bumped required psycopg2 version to 2.4.5 (2.5 for contrib.postgres).
2015-02-16 18:07:27 -05:00
Aymeric Augustin
15b711b5ee
Deprecated TEMPLATE_DEBUG setting.
2015-02-15 20:47:04 +01:00
Aymeric Augustin
76356d963c
Fixed #24318 -- Set the transaction isolation level with psycopg >= 2.4.2.
2015-02-14 18:51:11 +01:00
Tim Graham
0af3822dc3
Fixed #24325 -- Documented change in ModelForm.save() foreign key access.
2015-02-14 08:08:05 -05:00
Claude Paroz
1791a7e75a
Fixed #15779 -- Allowed 'add' primary key in admin edition
...
Thanks Marwan Alsabbagh for the report, and Simon Charette and
Tim Graham for the reviews.
2015-02-14 11:19:55 +01:00
Markus Holtermann
f287bec583
Fixed #24184 -- Prevented automatic soft-apply of migrations
...
Previously Django only checked for the table name in CreateModel
operations in initial migrations and faked the migration automatically.
This led to various errors and unexpected behavior. The newly introduced
--fake-initial flag to the migrate command must be passed to get the
same behavior again. With this change Django will bail out in with a
"duplicate relation / table" error instead.
Thanks Carl Meyer and Tim Graham for the documentation update, report
and review.
2015-02-13 14:29:59 +01:00
Loic Bistuer
00a889167f
Fixed #24295 -- Allowed ModelForm meta to specify form field classes.
...
Thanks Carl Meyer and Markus Holtermann for the reviews.
2015-02-13 19:13:05 +07:00
Tim Graham
e8cf4f8abe
Fixed #24332 -- Fixed contrib.sites create_default_site() when 'default' DATABASES is empty.
2015-02-13 07:01:28 -05:00
Tim Graham
a93c5fb2bf
Forwardported item in 1.7.5 release notes.
2015-02-12 14:05:52 -05:00
Josh Smeaton
1fbe8a2de3
Fixed #24200 -- Made introspection bypass statement cache
2015-02-10 23:24:34 +02:00
Markus Holtermann
2832a9b028
Revert "Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth"
...
This reverts commit 737d24923a
.
2015-02-07 20:14:49 +01:00
Loic Bistuer
71ada3a8e6
Fixed #6707 -- Added RelatedManager.set() and made descriptors' __set__ use it.
...
Thanks Anssi Kääriäinen, Carl Meyer, Collin Anderson, and Tim Graham for the reviews.
2015-02-05 12:45:08 +07:00
Preston Timmons
5bc5ddd8b5
Fixed #24235 -- Removed is_usable attribute from template loaders.
2015-02-04 07:47:28 -05:00
darkryder
9ec8aa5e5d
Fixed #24149 -- Normalized tuple settings to lists.
2015-02-03 14:59:45 -05:00
Preston Timmons
cd4282816d
Fixed #18651 -- Enabled optional assignments for simple_tag().
2015-02-03 10:44:33 -05:00
Anssi Kääriäinen
8adc59038c
Fixed #23617 -- Added get_pk_value_on_save()
...
The method is mainly intended for use with UUIDField. For UUIDField we
want to call the field's default even when primary key value is
explicitly set to None to match the behavior of AutoField.
Thanks to Marc Tamlyn and Tim Graham for review.
2015-02-03 09:23:44 -05:00
Tim Graham
75303b01a9
Fixed #24245 -- Added introspection for database defaults.
...
Needed for tests for migrations handling of database defaults.
2015-01-31 12:33:11 -05:00
Tim Graham
888054bff7
Fixed #24208 -- Documented changes in private model relations.
2015-01-31 11:01:55 -05:00
Claude Paroz
a0b5f15ea5
Fixed #14483 -- Allowed using subqueries with GIS lookups
2015-01-30 20:27:18 +01:00
Loic Bistuer
4c3bfe9053
Fixed #24211 -- Removed ValuesQuerySet() and ValuesListQuerySet().
...
Thanks Anssi Kääriäinen, Marc Tamlyn, and Tim Graham for the reviews.
2015-01-30 22:02:58 +07:00
Tim Graham
29c0073335
Fixed #24164 -- Fixed Oracle GIS limited aggregation test failure.
2015-01-30 06:28:47 -05:00
Jon Dufresne
24b2bc635e
Fixed #24137 -- Switched to HTTP reason phrases from Python stdlib.
2015-01-28 06:59:40 -05:00
Tim Graham
ac6033d883
Added stub 1.7.5 release notes.
2015-01-28 06:38:31 -05:00
Loic Bistuer
332139d23d
Fixed typo in docs. Thanks Berker.
2015-01-28 01:50:05 +07:00
Markus Holtermann
335df82a3f
Corrected naming of method and attribute
2015-01-27 19:45:52 +01:00
Tim Graham
6f8418089c
Added 1.4.19 release notes.
2015-01-27 11:48:04 -05:00
Loic Bistuer
728b6fd9ca
Fixed #24219 -- Moved SelectDateWidget together with the other widgets
...
and deprecated django.forms.extras.
Thanks Berker Peksag and Tim Graham for the reviews.
2015-01-27 22:40:02 +07:00
Markus Holtermann
da224d6be0
Refs #24104 -- Added missing release notes
...
Forwardport of 3d4a826174
from stable/1.7.x
2015-01-27 15:35:34 +01:00
seanwestfall
7a90b53d60
Fixed #24053 -- Removed admin CSS & images for IE6 & 7.
2015-01-27 07:48:11 -05:00
Josh Smeaton
e77c1bc181
Refs #24154 -- Added deprecation release notes
2015-01-27 15:30:59 +11:00
Florian Apolloner
16ee52d21d
Fixed #24205 -- Deprecated Signal.disconnect weak parameter.
2015-01-23 14:37:12 -05:00
Claude Paroz
f8e4e4a935
Fixed warning leak in static.serve() test
...
Partial forward port of b1bf8d64fb
from 1.7.x. Refs #24193 .
2015-01-23 09:09:48 +01:00
Fabio C. Barrionuevo da Luz
bd691f4586
Fixed #24177 -- Added documentation about database view support in inspectdb
2015-01-20 01:07:34 +01:00
Tim Graham
33457cd3b0
Removed IPAddressField per deprecation timeline; refs #20439 .
2015-01-19 11:12:57 -05:00
Markus Holtermann
5792e6a88c
Fixed #24163 -- Removed unique constraint after index on MySQL
...
Thanks Łukasz Harasimowicz for the report.
2015-01-19 16:52:26 +01:00
Tim Graham
8e435a5640
Added deprecation docs for legacy lookup support; refs #16187 .
2015-01-19 09:42:26 -05:00
Tim Graham
840f2bfae6
Copied additional items from deprecation timeline to 1.9 release notes.
2015-01-18 21:57:38 -05:00
Tim Graham
ecf109f215
Added missing items to deprecation timeline/1.7 release notes.
2015-01-18 21:23:06 -05:00
Tim Graham
89e9f81601
Clarified deprecation of forms.forms.get_declared_fields(); refs #19617 .
2015-01-18 16:06:56 -05:00
Tim Graham
7e8cf74dc7
Removed support for syncing apps without migrations per deprecation timeline.
...
Kept support for creating models without migrations when running tests
(especially for Django's test suite).
2015-01-18 15:58:06 -05:00
Tim Graham
7468c948b6
Clarified deprecation of test.utils.TestTemplateLoader.
2015-01-18 14:18:53 -05:00
Tim Graham
ba27f89587
Clarified a contrib.sites deprecation and added to 1.7 release notes.
2015-01-18 13:33:19 -05:00
Tim Graham
d029fafea1
Removed utils.module_loading.import_by_path() per deprecation timeline; refs #21674 .
2015-01-18 12:51:15 -05:00
Tim Graham
20e4e8fc79
Added removal of check management command to deprecation timeline.
2015-01-17 19:14:44 -05:00
Tim Graham
0622bca5d1
Removed the validate management command per deprecation timeline.
2015-01-17 19:12:03 -05:00
Tim Graham
4aa089a9a9
Removed support for custom SQL per deprecation timeline.
2015-01-17 10:16:06 -05:00
Collin Anderson
a420f83e7d
Fixed #24055 -- Keep reference to view class for resolve()
2015-01-17 22:09:10 +07:00
Tim Graham
d038c547b5
Removed django.core.cache.get_cache() per deprecation timeline; refs #21012 .
2015-01-17 09:55:18 -05:00
Tim Graham
f6463bb380
Removed the syncdb command per deprecation timeline.
2015-01-17 09:20:12 -05:00
Tim Graham
f4f24d30e0
Removed pre_syncdb and post_syncdb signals per deprecation timeline.
2015-01-17 09:07:00 -05:00
Tim Graham
c820892eed
Removed django.utils.datastructures.SortedDict per deprecation timeline.
2015-01-17 08:40:23 -05:00
Tim Graham
41f0d3d3bc
Removed FastCGI support per deprecation timeline; refs #20766 .
2015-01-17 08:32:31 -05:00
Tim Graham
c51258882b
Increased the default PBKDF2 iterations.
2015-01-16 19:27:10 -05:00
Tim Graham
3fe3bddc28
Added stub release notes for Django 1.9.
2015-01-16 18:00:45 -05:00
Jannis Leidel
a17724b791
Fixed the length of a headline in the 1.8 release notes.
...
This broke the website design in the sidebar because the line could not be wrapped.
2015-01-16 21:29:28 +01:00
Tim Graham
8e8daf7c9b
Removed empty sections in 1.8 minor features.
2015-01-16 14:41:05 -05:00
Claude Paroz
b4ac232907
Fixed #24099 -- Removed contenttype.name deprecated field
...
This finsishes the work started on #16803 .
Thanks Simon Charette, Tim Graham and Collin Anderson for the
reviews.
2015-01-16 20:21:34 +01:00
Claude Paroz
a79e6b6717
Fixed #24152 -- Deprecated GeoQuerySet aggregate methods
...
Thanks Josh Smeaton and Tim Graham for the reviews.
2015-01-16 19:53:02 +01:00
Tim Graham
28db4af80a
Fixed #24135 -- Made RenameModel rename many-to-many tables.
...
Thanks Simon and Markus for reviews.
2015-01-15 20:34:33 -05:00
Tim Graham
28308078f3
Fixed #22603 -- Reorganized classes in django.db.backends.
2015-01-14 14:16:20 -05:00
Markus Holtermann
737d24923a
Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth
...
Thanks Florian Apolloner for the report and Claude Paroz and Tim Graham for the review and help on the patch.
2015-01-14 19:59:39 +01:00
Tim Graham
ec7ef5afbb
Added stub release notes for 1.7.4.
2015-01-14 09:47:29 -05:00
Tim Graham
1913c1ac21
Added today's security issues to the archive.
2015-01-13 14:44:08 -05:00
Tim Graham
7ecd654497
Removed blank lines from docs/releases/security.txt
2015-01-13 14:37:30 -05:00
Tim Graham
cbbe6a6abb
Added dates to release notes.
2015-01-13 13:08:57 -05:00
Tim Graham
baf2542c4f
Fixed DoS possibility in ModelMultipleChoiceField.
...
This is a security fix. Disclosure following shortly.
Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:03:06 -05:00
Tim Graham
a3bebfdc34
Ensured views.static.serve() doesn't use large memory on large files.
...
This issue was fixed in master by refs #24072 .
2015-01-13 13:03:06 -05:00
Tim Graham
69b5e66738
Fixed is_safe_url() to handle leading whitespace.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Carl Meyer
316b8d4974
Stripped headers containing underscores to prevent spoofing in WSGI environ.
...
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Tim Graham
958aeda4b5
Added stub release notes for security releases.
2015-01-13 13:03:05 -05:00
Michał Modzelewski
65246de7b1
Fixed #24031 -- Added CASE expressions to the ORM.
2015-01-12 18:15:34 -05:00
Tim Graham
5d7217dce3
Fixed typo in docs/release/1.8.txt & added word for spelling check.
2015-01-12 17:53:32 -05:00
Josh Smeaton
21b858cb67
Fixed #24060 -- Added OrderBy Expressions
2015-01-13 09:39:55 +11:00
Claude Paroz
f48e2258a9
Fixed #24133 -- Replaced formatting syntax in success_url placeholders
...
Thanks Laurent Payot for the report, and Markus Holtermann, Tim Graham
for the reviews.
2015-01-12 22:51:22 +01:00
Aymeric Augustin
79deb6a071
Accounted for multiple template engines in template responses.
2015-01-12 21:01:34 +01:00
Aymeric Augustin
a3e783fe11
Deprecated passing a Context to a generic Template.render.
...
A deprecation path is required because the return type of
django.template.loader.get_template changed during the
multiple template engines refactor.
test_csrf_token_in_404 was incorrect: it tested the case when the
hardcoded template was rendered, and that template doesn't depend on the
CSRF token. This commit makes it test the case when a custom template is
rendered.
2015-01-12 21:01:34 +01:00
Pavel Shpilev
a7c256cb54
Fixed #9893 -- Allowed using a field's max_length in the Storage.
2015-01-12 09:09:18 -05:00
Marc Tamlyn
b5c1a85b50
Fixed #24118 -- Added --debug-sql option for tests.
...
Added a --debug-sql option for tests and runtests.py which outputs the
SQL logger for failing tests. When combined with --verbosity=2, it also
outputs the SQL for passing tests.
Thanks to Berker, Tim, Markus, Shai, Josh and Anssi for review and
discussion.
2015-01-12 08:16:08 +00:00
Ola Sitarska
d563e3be68
Fixed #23913 -- Deprecated the =
comparison in if
template tag.
2015-01-11 15:21:01 -05:00
Markus Holtermann
be158e3625
Refs #24110 -- Added a more descriptive release note and fixed a spelling mistake.
2015-01-11 00:30:47 +01:00