mirror of https://github.com/django/django.git synced 2025-03-14 19:30:46 +00:00

800 Commits

Author SHA1 Message Date
Tim Graham
5510f07071 [1.6.x] Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
2015-03-18 08:47:43 -04:00
Tim Graham
b6b3cb9899 [1.6.x] Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
2015-03-18 08:47:16 -04:00
Tim Graham
581a43948f [1.6.x] Added stub release notes for security releases. 2015-03-18 08:46:36 -04:00
Kenneth Kam
778ccee9bc [1.6.x] Fixed #23762 -- clarified CACHE_MIDDLEWARE_ANONYMOUS_ONLY deprecation in docs
Backport of e83aba0e2cce16cd1b32d1c172239a4e20867e95 from master
2015-02-23 09:24:21 -05:00
Tim Graham
d686c9b631 [1.6.x] Fixed casing of "GeoDjango". 2015-02-12 13:32:02 +05:00
Tim Graham
829d62bd52 [1.6.x] Added 1.4.19 release notes. 2015-01-27 11:48:47 -05:00
Tim Graham
f9de1998f9 [1.6.x] Added dates to release notes. 2015-01-13 13:10:25 -05:00
Tim Graham
d7a06ee7e5 [1.6.x] Fixed DoS possibility in ModelMultipleChoiceField.
This is a security fix. Disclosure following shortly.

Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:10:11 -05:00
Tim Graham
553779c405 [1.6.x] Prevented views.static.serve() from using large memory on large files.
This is a security fix. Disclosure following shortly.
2015-01-13 13:10:11 -05:00
Tim Graham
72e0b03366 [1.6.x] Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:10:11 -05:00
Carl Meyer
d7597b31d5 [1.6.x] Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
2015-01-13 13:10:11 -05:00
Tim Graham
f143e25883 [1.6.x] Added stub release notes for security releases. 2015-01-13 13:10:11 -05:00
Tim Graham
5e45c4f7c2 [1.6.x] Added 1.4.18 release notes.
Backport of ce17b045bf5629aac66f872c3f548205906e04db from master
2015-01-05 14:25:41 -05:00
Tim Graham
22d3048676 [1.6.x] Added dates to release notes.
Backport of 15cd71ed24945ff7be5716580603fd65c0d45ef7 from master
2015-01-02 19:20:59 -05:00
Tim Graham
0114b9df13 [1.6.x] Updated six to 1.9.0.
Backport of 52f0b2b62262743d5f935ddae29428e661b5d8ea from master
2015-01-02 13:33:46 -05:00
Tim Graham
0e3626260d [1.6.x] Added upgrade instructions for deprecated model _meta permission methods.
Backport of a3d96bee36040975ded8e3bf02e33e48d06f1f16 from master
2014-12-19 19:12:54 -05:00
Markus Holtermann
b6c05b2b94 [1.6.x] Fixed display of lists after website redesign
Thanks Brian Jacobel for the report. refs django/djangoproject.com#197

Backport of c7786550c4ed396b8580db58f7da60e850894d19 from master
2014-12-17 08:26:36 -05:00
Alex Gaynor
3ac7d83ba5 [1.6.x] Fixed the formatting of one section of the security page
Backport of 104aaab7049afc6ef456fee52763f6d4f7dd575d from master
2014-12-16 19:01:29 -05:00
Simon Charette
2fd16232b1 [1.6.x] Fixed #23754 -- Always allowed reference to the primary key in the admin
This change allows dynamically created inlines "Add related" button to work
correctly as long as their associated foreign key is pointing to the primary
key of the related model.

Thanks to amorce for the report, Julien Phalip for the initial patch,
and Collin Anderson for the review.

Backport of f9c4e14aeca7df79991bca8ac2d743953cbd095c from master
2014-11-25 13:48:50 -05:00
Luke Plant
3c317064d8 [1.6.x] Further fixes to the migration notes for get_query_set
This rename is very tricky for the case of subclasses which define
get_query_set and haven't been updated yet, which applies to all projects in
the form of RelatedManager from Django 1.5.

Backport of 0c623da66406d1f20b5e26d497d57da5ad0de066 from master
2014-11-24 15:36:46 +00:00
Luke Plant
1fa2e7aba1 [1.6.x] Better migration docs for get_query_set -> get_queryset
This way they won't need to fix things again when get_query_set disappears

Backport of 91e2780dfba5609b0f83d51aee1cf7e8fe78b1f7 from master
2014-11-24 10:13:17 +00:00
aruseni
bcdfa0eb9a [1.6.x] Fixed a typo in 1.6 release notes.
Backport of 006451f894 from master
2014-11-10 15:39:09 +01:00
Tim Graham
df47f0c918 [1.6.x] Fixed #23785 -- Typo in docs/releases/1.6.txt
Backport of 091f5b5a4e from master
2014-11-09 22:12:21 +01:00
Tim Graham
61f20b42cd [1.6.x] Updated six to 1.8.0.
Backport of 81477c91f6 from master
2014-11-04 21:25:08 -05:00
Tim Graham
66be18ea58 [1.6.x] Added release dates to release notes.
Backport of 9dc782b631 from master
2014-10-22 12:24:30 -04:00
Emmanuelle Delescolle
c5c4bfa12a [1.6.x] Fixed #23604 -- Allowed related m2m fields to be references in the admin.
Thanks Simon Charette for review.

Backport of a24cf21722 from master
2014-10-06 08:50:48 -04:00
Luke Plant
e71ef9b6f2 [1.6.x] Documented how to rename get_query_set if you are a library author
Backport of ca139bbfdf48bf59b0918a7d675cdc5d4ae60957 from master
2014-10-02 11:35:59 +01:00
Tim Graham
452587aba8 [1.6.x] Forwardported 1.4.16 release notes.
Backport of 0ae79014c0 from master
2014-09-13 09:23:46 -04:00
Simon Charette
a7af6ad96a [1.6.x] Fixed #23431 -- Allowed inline and hidden references to admin fields.
This fixes a regression introduced by the 53ff096982 security fix.

Thanks to @a1tus for the report and Tim for the review.

refs #23329.

Backport of 342ccbd from master
2014-09-08 14:05:26 -04:00
Tim Graham
f7c7ab0e89 [1.6.x] Added dates to release notes.
Backport of 0fd23545db from master
2014-09-02 21:35:07 -04:00
Akis Kesoglou
b877697472 [1.6.x] Fixed #23370 -- defer() + select_related() crashed with inherited models.
Backport of 6613ea6e3f from master
2014-08-30 07:16:47 -04:00
Simon Charette
996ac768e3 [1.6.x] Fixed #23375 -- Added missing security issues to the archive.
Backport of c9c0be3 from master
2014-08-28 11:08:11 -04:00
Simon Charette
e3453b61c6 [1.6.x] Fixed #23329 -- Allowed inherited and m2m fields to be referenced in the admin.
Thanks to Trac alias Markush2010 and ross for the detailed reports.

Backport of 3cbb759 from master
2014-08-27 21:50:29 -04:00
Tim Graham
66638a09c5 [1.6.x] Added dates to release notes.
Backport of b902be798e from master
2014-08-20 16:32:51 -04:00
Simon Charette
f7c494f250 [1.6.x] Prevented data leakage in contrib.admin via query string manipulation.
This is a security fix. Disclosure following shortly.
2014-08-20 11:43:43 -04:00
Preston Holmes
0268b855f9 [1.6.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USER change.
This is a security fix. Disclosure following shortly.
2014-08-20 11:43:43 -04:00
Tim Graham
dd0c3f4ee1 [1.6.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names.
This is a security fix. Disclosure following shortly.
2014-08-20 11:43:43 -04:00
Florian Apolloner
da051da8df [1.6.x] Prevented reverse() from generating URLs pointing to other hosts.
This is a security fix. Disclosure following shortly.
2014-08-20 11:43:43 -04:00
Tim Graham
52b878d805 [1.6.x] Added release note stubs for 1.5.9 and 1.4.14. 2014-08-20 11:43:43 -04:00
Tim Graham
48368d421c [1.6.x] Added sphinx extension to ease generation of ticket links.
Backport of fca677fa43 from master
2014-08-19 17:47:21 -04:00
Claude Paroz
9f9fdc4b0a [1.6.x] Fixed #22996 -- Prevented crash with unencoded query string
Thanks Jorge Carleitao for the report and Aymeric Augustin, Tim Graham
for the reviews.
Backport of fa02120d36 from master.
2014-08-19 22:55:35 +02:00
Claude Paroz
f5e8376288 [1.6.x] Fixed multi geometries editing in OpenLayers widget
Backport of 457c16d0d from master.
2014-08-15 10:10:35 +02:00
Claude Paroz
99b5567796 [1.6.x] Fixed #23265 -- Used system-specific encoding in runserver
Thanks SpaceFox for the report.
Backport of 055d95fce066 from master.
2014-08-14 12:11:42 +02:00
Tim Graham
0dfc37669d [1.6.x] Updated MySQL links to version 5.6.
Backport of fb4f3e04b1 from master
2014-08-02 10:27:34 -04:00
Tim Graham
e4b2bea743 [1.6.x] Fixed #19107 -- Restored bug fix for sending unicode email with Python 2.6.5 and below. 2014-07-30 09:29:08 -04:00
Shai Berger
838b7f8220 [1.6.x] Fixed #20292: Pass datetime objects (not formatted dates) as params to Oracle
This seems worthwhile in its own right, but also works around an Oracle
bug (in versions 10 -- 11.1) where the use of Unicode would reset the
date/time formats, causing ORA-01843 errors.

Thanks Trac users CarstenF for the report, jtiai for the initial patch,
and everyone who contributed to the discussion on the ticket.

Backport of 6983201 from master.
2014-07-29 07:00:26 -04:00
David Hoffman
2630cafc86 [1.6.x] Fixed #23097 -- Switched to new octal format in docs
Backport of e1c85167a3 from master.
2014-07-26 11:24:04 +02:00
Aymeric Augustin
83098dccdf [1.6.x] Fixed #23089 -- Fixed transaction handling in two management commands.
Previously, when createcachetable and flush operated on non-default
databases, they weren't atomic.

Also avoided transactional DDL and transactional truncates on databases
that don't support them (refs #22308).

Backport of 753a22a635, 0757e0f30d, and 6877a9d415 from master
2014-07-24 19:27:15 -04:00
Tim Graham
ca44366b15 [1.6.x] Added 1.6.6 release notes for #22998. 2014-07-16 13:36:19 -04:00
Ramiro Morales
609153d2bf [1.6.x] Added release note for issue 13794 fix. 2014-07-14 22:45:41 -03:00