mirror of https://github.com/django/django.git synced 2025-07-19 17:19:12 +00:00

439 Commits

Author SHA1 Message Date
Tim Graham
1ba1cdce7d [1.4.x] Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 07:38:06 -04:00
Carl Meyer
2e47f3e401 [1.4.x] Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 07:38:06 -04:00
Tim Graham
c570a5ec3e [1.4.x] Added security release note stubs. 2015-07-08 07:38:06 -04:00
Tim Graham
2342693b31 [1.4.x] Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
2015-03-18 08:39:37 -04:00
Tim Graham
3b20558beb [1.4.x] Added stub release notes for security releases. 2015-03-18 08:39:12 -04:00
Tim Graham
7dd4c5221a [1.4.x] Bumped version for 1.4.19 release. 2015-01-27 11:55:02 -05:00
Benjamin Richter
1e39d0f628 [1.4.x] Fixed #24158 -- Allowed GZipMiddleware to work with streaming responses
Backport of django.utils.text.compress_sequence and fix for
django.middleware.gzip.GZipMiddleware when using iterators as
response.content.
2015-01-26 19:22:47 -05:00
Tim Graham
88b7957b34 [1.4.x] Added dates to release notes. 2015-01-13 13:10:54 -05:00
Tim Graham
d020da6646 [1.4.x] Prevented views.static.serve() from using large memory on large files.
This is a security fix. Disclosure following shortly.
2015-01-05 13:43:54 -05:00
Tim Graham
4c241f1b71 [1.4.x] Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-05 13:43:32 -05:00
Carl Meyer
4f6fffc1dc [1.4.x] Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
2015-01-05 13:43:15 -05:00
Tim Graham
113a8980f4 [1.4.x] Added stub release notes for security releases. 2015-01-05 13:42:52 -05:00
Tim Graham
2fd8054fda [1.4.x] Fixed #24081 -- Downgraded six to 1.8.0.
This reverts commit a25c444bc701b496f2b05f57fc3ec42cdac9dd85.

six 1.9+ requires Python 2.6 so this commit restores Python 2.5 compatibility.
2015-01-05 13:41:06 -05:00
Tim Graham
35dc639cd6 [1.4.x] Added dates to release notes.
Backport of 15cd71ed24945ff7be5716580603fd65c0d45ef7 from master
2015-01-02 19:23:14 -05:00
Tim Graham
a25c444bc7 [1.4.x] Updated six to 1.9.0.
Backport of 52f0b2b62262743d5f935ddae29428e661b5d8ea from master
2015-01-02 13:38:58 -05:00
Simon Charette
5940da16af [1.4.x] Fixed #23754 -- Always allowed reference to the primary key in the admin
This change allows dynamically created inlines "Add related" button to work
correctly as long as their associated foreign key is pointing to the primary
key of the related model.

Thanks to amorce for the report, Julien Phalip for the initial patch,
and Collin Anderson for the review.

Backport of f9c4e14aeca7df79991bca8ac2d743953cbd095c from master
2014-11-25 14:04:56 -05:00
Tim Graham
a1dcd82b28 [1.4.x] Updated six to 1.8.0.
Backport of 81477c91f6 from master
2014-11-04 21:30:21 -05:00
Tim Graham
a92e386e26 [1.4.x] Added release dates to release notes.
Backport of 9dc782b631 from master
2014-10-22 12:25:45 -04:00
Emmanuelle Delescolle
f58392d8d8 [1.4.x] Fixed #23604 -- Allowed related m2m fields to be references in the admin.
Thanks Simon Charette for review.

Backport of a24cf21722 from master
2014-10-06 09:08:45 -04:00
Claude Paroz
ba2be27613 [1.4.x] Fixed #20036 -- Improved GEOS version string parsing
Thanks chikiro.spam at gmail.com for the report.
2014-09-11 20:54:33 +02:00
Simon Charette
065caafa70 [1.4.x] Fixed #23431 -- Allowed inline and hidden references to admin fields.
This fixes a regression introduced by the 53ff096982 security fix.

Thanks to @a1tus for the report and Tim for the review.

refs #23329.

Backport of 342ccbd from master
2014-09-08 14:22:29 -04:00
Tim Graham
78085844a7 [1.4.x] Added dates to release notes.
Backport of 0fd23545db from master
2014-09-02 21:36:44 -04:00
Simon Charette
4685026840 [1.4.x] Fixed #23329 -- Allowed inherited and m2m fields to be referenced in the admin.
Thanks to Trac alias Markush2010 and ross for the detailed reports.

Backport of 3cbb759 from master
2014-08-27 22:12:37 -04:00
Tim Graham
e484df76b6 [1.4.x] Added dates to release notes. 2014-08-20 16:33:50 -04:00
Simon Charette
027bd34864 [1.4.x] Prevented data leakage in contrib.admin via query string manipulation.
This is a security fix. Disclosure following shortly.
2014-08-11 16:01:41 -04:00
Preston Holmes
c9e3b9949c [1.4.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USER change.
This is a security fix. Disclosure following shortly.
2014-08-11 12:15:06 -04:00
Tim Graham
30042d475b [1.4.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names.
This is a security fix. Disclosure following shortly.
2014-08-11 10:14:06 -04:00
Florian Apolloner
c2fe73133b [1.4.x] Prevented reverse() from generating URLs pointing to other hosts.
This is a security fix. Disclosure following shortly.
2014-08-11 09:04:23 -04:00
Tim Graham
4d5e972a2c [1.4.x] Added release note stub for 1.4.14. 2014-08-11 08:47:06 -04:00
Tim Graham
d39fcff11a [1.4.x] Minor edits to latest release notes.
Backport of 860d31ac7a3bdd4b27db8b34b110b3d801ddaf8a from master
2014-05-15 07:17:54 -04:00
Jacob Kaplan-Moss
fe5b3e36a2 Added release notes for 1.4.13. 2014-05-14 18:07:32 +02:00
Tim Graham
e1812617cf [1.4.x] Added dates to release notes of today's release.
Backport of 68d264059abb21b96c4fe68bf4d99520268a451c from master
2014-04-28 19:07:51 -04:00
Tim Graham
b91c385e32 [1.4.x] Fixed #22486 -- Restored the ability to reverse views created using functools.partial.
Regression in 8b93b31.

Thanks rcoup for the report.

Backport of 3c06b2f2a3 from master
2014-04-23 09:22:02 -04:00
Erik Romijn
8010908313 [1.4.x] Added information on resolved security issues to release notes.
Backport of c07f3e60c2d455e36ba4ac339d4283d32bbc3814 from master
2014-04-21 18:31:44 -04:00
Tim Graham
f2a9f71565 [1.4.x] Updated six to 1.6.1.
Backport of 2ec82c7387db071278201796208808de84c90dbf from master
2014-03-24 07:35:13 -04:00
Tim Graham
74181c0a2c [1.4.x] Added release note stub for 1.4.11.
Backport of dfa28981ce from master.
2014-01-26 17:50:12 -05:00
Tim Graham
c5d071f85a [1.4.x] Added 1.4.10 release notes to index. 2013-11-07 09:38:53 -05:00
James Bennett
30eb916bdb [1.4.x] Bump version info and add release notes for 1.4.10. 2013-11-06 08:17:26 -06:00
Paolo Melchiorre
d491702ed7 [1.4.x] Fixed typo in docs/releases/1.4.9.txt.
Backport of 3b0293370a from master
2013-10-25 07:55:50 -04:00
James Bennett
8f36d1fd95 [1.4.x] Bump everything for 1.4.9 bugfix release. 2013-10-24 23:37:26 -05:00
Tim Graham
3a46f621fe [1.4.x] Bumped release date for 1.5.5 & 1.4.9.
Backport of 4ce5c119b5 from master
2013-10-23 18:29:53 -04:00
Tim Graham
ead7c496a4 [1.4.x] Added 1.4.9 release notes
Backport of 2eb8f15516 from master
2013-10-22 20:25:20 -04:00
Tim Graham
ca77e38d24 [1.4.x] Cleaned up 1.4.8 release notes
Backport of 8d29005524 from master
2013-09-15 14:29:40 -04:00
James Bennett
3ffc7b52f8 [1.4.x] Add release notes and bump version numbers for 1.4.8 security release. 2013-09-14 23:53:07 -06:00
Tim Graham
d1dc8a0d00 Added 1.4.7 release notes
Backport of baec6a26dd from master
2013-09-10 21:09:47 -04:00
Tim Graham
d77ce64fe8 [1.4.x] Removed 1.5.2 release notes 2013-08-13 13:15:54 -04:00
Tim Graham
e61e20e497 Added 1.4.6/1.5.2 release notes. 2013-08-13 11:18:07 -05:00
Tim Graham
b50be6857c [1.4.x] Added missing release notes for older versions of Django
Backport of 3f6cc33cff from master
2013-08-12 14:11:10 -04:00
Tim Graham
7b7592cafa [1.4.x] Fixed #18944 -- Documented PasswordResetForm's from_email argument as a backwards incompatible change for 1.3
Thanks DrMeers for the report.

Backport of dab921751d from master
2013-07-08 15:06:45 -04:00
Carl Meyer
5d1791ffd2 [1.4.x] Don't characterize XML vulnerabilities as DoS-only. 2013-02-19 18:22:22 -07:00