11bb365c7b
Apply all patches up to CVE-2023-36053
2023-07-13 14:15:15 -07:00
Mariusz Felisiak
c669cf279a
[1.11.x] Fixed GeoQuerySetTest.test_unionagg_tolerance() test on Oracle 18c.
Backport of 5ca76baa729bbbe62f5c4a0fc4f89747dc999029 from master
2020-03-05 08:57:26 +01:00
Mariusz Felisiak
51a6edc4b0
[1.11.x] Fixed typo in docs/releases/1.11.29.txt.
Backport of 43f8ba1c7c0a264b67224c62b48fcd0dfdaddec3 from master
2020-03-04 10:49:40 +01:00
Mariusz Felisiak
48cf72b981
[1.11.x] Added CVE-2020-9402 to security archive.
Backport of f37f9a0bf061fd0dfe4e45adb39157c3307ec8e2 from master
2020-03-04 10:11:26 +01:00
Mariusz Felisiak
22384d417b
[1.11.x] Post-release version bump.
2020-03-04 09:53:00 +01:00
Mariusz Felisiak
f1e3017aea
[1.11.x] Bumped version for 1.11.29 release.
1.11.29
2020-03-04 09:49:38 +01:00
Mariusz Felisiak
02d97f3c9a
[1.11.x] Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
Thanks to Norbert Szetei for the report.
2020-03-04 09:47:05 +01:00
Mariusz Felisiak
e643833562
[1.11.x] Pinned PyYAML < 5.3 in test requirements.
PyYAML 5.3+ doesn't support Python 3.4.
2020-02-04 10:06:07 +01:00
Carlton Gibson
d0e3eb8e82
[1.11.x] Added CVE-2020-7471 to security archive.
Backport of d8b2ccbbb846328a0938347dc70cb2e603164d9a from master
2020-02-03 10:15:26 +01:00
Carlton Gibson
9a62ed5d5f
[1.11.x] Post-release version bump.
2020-02-03 09:27:14 +01:00
Carlton Gibson
e09f09b965
[1.11.x] Bumped version for 1.11.28 release.
1.11.28
2020-02-03 09:16:55 +01:00
Carlton Gibson
001b0634cd
[1.11.x] Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
2020-01-26 19:02:04 +01:00
Mariusz Felisiak
7fd1ca3ef6
[1.11.x] Fixed timezones tests for PyYAML 5.3+.
Backport of 8be477be5c1a4afc9ad00bb58a324f637e018c0f from master
2020-01-07 09:56:12 +01:00
Mariusz Felisiak
121115d2c2
[1.11.x] Added CVE-2019-19844 to the security archive.
Backport of 5a2b9f0b546222e928df91310acb9cf363a6c920 from master
2019-12-18 10:40:52 +01:00
Mariusz Felisiak
2c4fb9a35d
[1.11.x] Post-release version bump.
2019-12-18 09:35:18 +01:00
Mariusz Felisiak
358973a12e
[1.11.x] Bumped version for 1.11.27 release.
1.11.27
2019-12-18 09:32:29 +01:00
Simon Charette
f4cff43bf9
[1.11.x] Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
Backport of 5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70 from master.
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-18 09:17:28 +01:00
Mariusz Felisiak
a2355740ed
[1.11.x] Refs #31073 -- Added release notes for 02eff7ef60466da108b1a33f1e4dc01eec45c99d.
Backport of ec12c37384798093e359971c8980fe0c68d555bc from master.
2019-12-11 10:14:57 +01:00
Peter Andersen
e8fdf00cc2
[1.11.x] Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.
Backport of 02eff7ef60466da108b1a33f1e4dc01eec45c99d from master.
2019-12-11 09:43:36 +01:00
Mariusz Felisiak
4f1501660b
[1.11.x] Post-release version bump.
2019-11-04 09:31:11 +01:00
Mariusz Felisiak
f24d305761
[1.11.x] Bumped version for 1.11.26 release.
1.11.26
2019-11-04 09:21:03 +01:00
Mariusz Felisiak
4017507660
[1.11.x] Added release date for 1.11.26.
Backport of 126cfefce2b59900138f2bf1ef6ad966cddc55d4 from master
2019-11-04 08:30:17 +01:00
Louise Grandjonc
a843a9ba8d
[1.11.x] Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
Regression in 6c3dfba89215fc56fc27ef61829a6fff88be4abb.
Backport of 7d1bf29977bb368d7c28e7c6eb146db3b3009ae7 from master.
2019-10-11 12:01:42 +02:00
Mariusz Felisiak
cf2b475aab
[1.11.x] Added stub release notes for 1.11.26.
Backport of 84322a29ce9b0940335f8ab3d60e55192bef1e50 from master
2019-10-02 07:58:03 +02:00
Carlton Gibson
b73bb46d42
[1.11.x] Post-release version bump.
2019-10-01 10:06:53 +02:00
Carlton Gibson
81f0da91fb
[1.11.x] Bumped version for 1.11.25 release.
1.11.25
2019-10-01 09:54:07 +02:00
Carlton Gibson
9d2916faf5
[1.11.x] Added release date for 1.11.25.
Backport of 3826aed46d7d4310c2ab6777a4f92165ca4d8d4f from master.
2019-10-01 09:01:51 +02:00
Simon Charette
fd393907c9
[1.11.x] Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7526786df6894429ce89a9c4b614086
to address CVE-2019-14234.
Thanks Tim Kleinschmidt for the report and Mariusz for the tests.
Backport of 6c3dfba89215fc56fc27ef61829a6fff88be4abb from master.
2019-09-16 09:05:48 +02:00
Mariusz Felisiak
30c3d5fd73
[1.11.x] Added stub release notes for 1.11.25.
Backport of bd7e0f81f8590eadcb820c976ba03c9b75bbcad6 from master
2019-09-16 07:45:42 +02:00
Mariusz Felisiak
f213c4c406
[1.11.x] Post-release version bump.
2019-09-02 09:02:39 +02:00
Mariusz Felisiak
4c049c805a
[1.11.x] Bumped version for 1.11.24 release.
1.11.24
2019-09-02 08:45:34 +02:00
Mariusz Felisiak
835b62a588
[1.11.x] Added release date for 1.11.24.
Backport of 47f49adc11c0d39be3f41f92becc1f606c49d8ce from master.
2019-09-02 07:49:10 +02:00
Mariusz Felisiak
473c526b1b
[1.11.x] Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387.
Thanks Florian Apolloner for the report and helping with tests.
Backport of 1f8382d34d54061eddc41df6994e20ee38c60907 from master.
2019-08-14 15:58:10 +02:00
Carlton Gibson
3deda1f680
[1.11.x] Added CVE-2019-14235 to security release archive.
Backport of a5652eb795e896df0c0f2515201f35f9cd86b99b from master
2019-08-01 12:07:11 +02:00
Carlton Gibson
738b45dd3b
[1.11.x] Added CVE-2019-14234 to security release archive.
Backport of 3a6a2f5eaf74200a9591a6311fdb0ea78ee305ee from master
2019-08-01 12:07:06 +02:00
Carlton Gibson
7482d25f1e
[1.11.x] Added CVE-2019-14233 to security release archive.
Backport of 9600f63885d2d240f85d59bff6acbe200f890298 from master
2019-08-01 12:07:00 +02:00
Carlton Gibson
ba791617e0
[1.11.x] Added CVE-2019-14232 to the security release archive.
Backport of 87750787d1e464b7143f366d9485ba20fefc9c94 from master
2019-08-01 12:06:54 +02:00
Carlton Gibson
1e6a5b0001
[1.11.x] Post-release version bump.
2019-08-01 10:46:21 +02:00
Carlton Gibson
974897759e
[1.11.x] Bumped version for 1.11.23 release.
1.11.23
2019-08-01 10:43:51 +02:00
Florian Apolloner
869b34e9b3
[1.11.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
2019-07-31 21:29:17 +02:00
Mariusz Felisiak
ed682a24fc
[1.11.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-07-31 21:29:17 +02:00
Florian Apolloner
52479acce7
[1.11.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-07-29 11:20:43 +02:00
Florian Apolloner
42a66e9690
[1.11.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-07-29 11:18:34 +02:00
Carlton Gibson
693046e54b
[1.11.x] Added stub release notes for security releases.
Backport of f13147c8de725eed7038941758469aeb9bd66503 from master.
2019-07-25 10:58:17 +02:00
Mariusz Felisiak
6d054b5a8f
[1.11.x] Added CVE-2019-12781 to the security release archive.
Backport of 868cd56f058ca203419ad0886353173b74c3bcf1 from master
2019-07-01 10:24:29 +02:00
Mariusz Felisiak
7c849b9e3b
[1.11.x] Post-release version bump.
2019-07-01 08:47:34 +02:00
Mariusz Felisiak
480380c993
[1.11.x] Bumped version for 1.11.22 release.
1.11.22
2019-07-01 08:43:35 +02:00
Carlton Gibson
32124fc41e
[1.11.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master.
2019-07-01 08:40:19 +02:00
Mariusz Felisiak
58553bb297
[1.11.x] Added stub release notes for security releases.
Backport of 30b3ee9d0b33bb440f9c73d1ce9e0e7303887a9f from master
2019-07-01 07:05:49 +02:00
Mariusz Felisiak
bc5febec4e
[1.11.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
Backport of 4305fbe8b11f44ab5d6759346488026c1e9677b2 from master.
2019-06-30 20:21:27 +02:00