1
0
mirror of https://github.com/django/django.git synced 2024-11-18 07:26:04 +00:00
Commit Graph

13 Commits

Author SHA1 Message Date
Tim Graham
4f313e284e Refs #17209 -- Removed login/logout and password reset/change function-based views.
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
Dmitry Dygalo
5155c2b458 Fixed typo in 1.9.3/1.8.10 release date. 2016-03-02 07:08:36 -05:00
Florian Apolloner
67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
This is a security fix.
2016-03-01 11:25:28 -05:00
Mark Striemer
c5544d2892 Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
This is a security fix.
2016-03-01 11:25:28 -05:00
Tim Graham
f43291639b Added stub release notes for security issues. 2016-03-01 11:25:28 -05:00
Simon Charette
3938b3ccaa Fixed #26286 -- Prevented content type managers from sharing their cache.
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.
2016-02-26 16:18:16 -05:00
Jon Dufresne
b412681359 Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets. 2016-02-24 07:02:51 -05:00
Tim Graham
b1afebf882 Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.
Thanks Shai Berger for the review.
2016-02-18 19:06:49 -05:00
Claude Paroz
928c12eb1a Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
2016-02-16 21:07:05 +01:00
Alexey Kotlyarov
b59f963ad2 Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 2016-02-15 11:44:29 -05:00
Simon Charette
a325fb1f9b Fixed #26162 -- Checked query name clashes of hidden relationships.
Although reverse accessor clashes should be skipped query name can't be hidden.

Thanks to Ian Foote and Tim Graham for the review.
2016-02-08 09:59:27 -05:00
Tim Graham
97eb3356b2 Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False. 2016-02-08 07:21:54 -05:00
Tim Graham
d6337e65ed Added stub release notes for 1.8.10. 2016-02-06 09:24:20 -05:00