Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
12,145 Commits 26 Branches 382 Tags
Commit Graph

12145 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ramon Moraes
5864e1f8e9 [1.4.x] Updated xhtml2pdf URL in docs. 2016-02-16 07:10:13 -05:00
Tim Graham
018efef59a [1.4.x] Post-release version bump. 2015-08-18 13:32:24 -04:00
Tim Graham
9ff23eb7cc [1.4.x] Bumped version for 1.4.22 release. 1.4.22 2015-08-18 08:39:59 -04:00
Tim Graham
575f59f9bc [1.4.x] Fixed DoS possiblity in contrib.auth.views.logout() 
Refs #20936 -- When logging out/ending a session, don't create a new, empty session.

Previously, when logging out, the existing session was overwritten by a
new sessionid instead of deleting the session altogether.

This behavior added overhead by creating a new session record in
whichever backend was in use: db, cache, etc.

This extra session is unnecessary at the time since no session data is
meant to be preserved when explicitly logging out.

Backport of 393c0e24223c701edeb8ce7dc9d0f852f0c081ad,
088579638b160f3716dc81d194be70c72743593f, and
2dee853ed4def42b7ef1b3b472b395055543cc00 from master

Thanks Florian Apolloner and Carl Meyer for review.

This is a security fix.
 2015-08-18 08:35:42 -04:00
Tim Graham
8b0d63914f [1.4.x] Added stub release notes for security releases. 2015-08-18 08:35:33 -04:00
Tim Graham
3b324970e3 [1.4.x] Fixed #25119 -- Disabled wheel support. 2015-07-13 19:57:52 -04:00
Tim Graham
3df6495c12 [1.4.x] Post-release version bump. 2015-07-08 16:01:55 -04:00
Tim Graham
622a11513e [1.4.x] Bumped version for 1.4.21 release. 1.4.21 2015-07-08 07:39:43 -04:00
Tim Graham
1ba1cdce7d [1.4.x] Prevented newlines from being accepted in some validators. 
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
 2015-07-08 07:38:06 -04:00
Carl Meyer
2e47f3e401 [1.4.x] Fixed #19324 -- Avoided creating a session record when loading the session. 
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
 2015-07-08 07:38:06 -04:00
Tim Graham
c570a5ec3e [1.4.x] Added security release note stubs. 2015-07-08 07:38:06 -04:00
Tim Graham
91a395fa80 [1.4.x] Backported .gitignore and .hgignore from master. 2015-07-01 10:41:23 -04:00
Tim Graham
664ad1252c [1.4.x] Added link to download page to find supported versions. 
Backport of 8c4827ec1d44fee05db189766174c115795a495e from master
 2015-04-04 08:00:44 -04:00
Tim Graham
b2a7878c10 [1.4.x] Post-release version bump. 2015-03-18 20:22:09 -04:00
Tim Graham
5388692144 [1.4.x] Bumped version for 1.4.20 release. 1.4.20 2015-03-18 08:43:42 -04:00
Tim Graham
2342693b31 [1.4.x] Made is_safe_url() reject URLs that start with control characters. 
This is a security fix; disclosure to follow shortly.
 2015-03-18 08:39:37 -04:00
Tim Graham
3b20558beb [1.4.x] Added stub release notes for security releases. 2015-03-18 08:39:12 -04:00
Carl Meyer
785e57e296 [1.4.x] Fix an encoding preamble so the tests pass on 2.7.9. 
It seems there was a change in the parsing of encoding preambles in Python
2.7.9, compared to previous 2.7.x Pythons. This is a backport of the only piece
of e520a73eeea6b185b719901ab9985ecef00e5664 that's needed to prevent an import
failure under 2.7.9.
 2015-02-06 20:20:02 -07:00
Tim Graham
e60557c249 [1.4.x] Fixed #24238 -- Removed unused WSGIRequestHandler.get_environ() 
Also moved the test as it wasn't running.
 2015-01-28 12:32:15 -05:00
Tim Graham
4376d6ef7b [1.4.x] Post-release version bump. 2015-01-27 12:26:26 -05:00
Tim Graham
7dd4c5221a [1.4.x] Bumped version for 1.4.19 release. 1.4.19 2015-01-27 11:55:02 -05:00
Benjamin Richter
1e39d0f628 [1.4.x] Fixed #24158 -- Allowed GZipMiddleware to work with streaming responses 
Backport of django.utils.text.compress_sequence and fix for
django.middleware.gzip.GZipMiddleware when using iterators as
response.content.
 2015-01-26 19:22:47 -05:00
Tim Graham
9435474068 [1.4.x] Designated Django 1.8 as the next LTS. 
Backport of c38db4d7e072e9a5002cb4897d9104e5eaa292ed from master
 2015-01-19 12:09:43 -05:00
Tim Graham
99e6ac77f2 [1.4.x] Fixed a static view test on Windows. 
Backport of a6f144fd4fee0090de3a99b1f50a4142722e7946 from master
 2015-01-14 13:57:59 -05:00
Tim Graham
4296a1da8b [1.4.x] Post-release version bump. 2015-01-13 14:16:07 -05:00
Tim Graham
bd9dcd226b [1.4.x] Bumped version for 1.4.18 release. 1.4.18 2015-01-13 13:14:08 -05:00
Tim Graham
88b7957b34 [1.4.x] Added dates to release notes. 2015-01-13 13:10:54 -05:00
Tim Graham
d020da6646 [1.4.x] Prevented views.static.serve() from using large memory on large files. 
This is a security fix. Disclosure following shortly.
 2015-01-05 13:43:54 -05:00
Tim Graham
4c241f1b71 [1.4.x] Fixed is_safe_url() to handle leading whitespace. 
This is a security fix. Disclosure following shortly.
 2015-01-05 13:43:32 -05:00
Carl Meyer
4f6fffc1dc [1.4.x] Stripped headers containing underscores to prevent spoofing in WSGI environ. 
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
 2015-01-05 13:43:15 -05:00
Tim Graham
113a8980f4 [1.4.x] Added stub release notes for security releases. 2015-01-05 13:42:52 -05:00
Tim Graham
2fd8054fda [1.4.x] Fixed #24081 -- Downgraded six to 1.8.0. 
This reverts commit a25c444bc701b496f2b05f57fc3ec42cdac9dd85.

six 1.9+ requires Python 2.6 so this commit restores Python 2.5 compatibility.
 2015-01-05 13:41:06 -05:00
Tim Graham
032ffade8a [1.4.x] Removed wheel generation from Makefile. 2015-01-02 22:01:51 -05:00
Tim Graham
52136afda4 [1.4.x] Post-release version bump. 2015-01-02 21:49:44 -05:00
Tim Graham
592187e11b [1.4.x] Bumped version for 1.4.17 release. 1.4.17 2015-01-02 21:07:00 -05:00
Tim Graham
35dc639cd6 [1.4.x] Added dates to release notes. 
Backport of 15cd71ed24945ff7be5716580603fd65c0d45ef7 from master
 2015-01-02 19:23:14 -05:00
Tim Graham
a25c444bc7 [1.4.x] Updated six to 1.9.0. 
Backport of 52f0b2b62262743d5f935ddae29428e661b5d8ea from master
 2015-01-02 13:38:58 -05:00
Simon Charette
5940da16af [1.4.x] Fixed #23754 -- Always allowed reference to the primary key in the admin 
This change allows dynamically created inlines "Add related" button to work
correcly as long as their associated foreign key is pointing to the primary
key of the related model.

Thanks to amorce for the report, Julien Phalip for the initial patch,
and Collin Anderson for the review.

Backport of f9c4e14aeca7df79991bca8ac2d743953cbd095c from master
 2014-11-25 14:04:56 -05:00
Tim Graham
c83b024b37 [1.4.x] Removed thread customizations of six which are now built-in. 
Backport of 7ef81b5cdd4c8eda12aa7786484a0bfde00aaaa4 from master
 2014-11-13 11:36:21 +01:00
Tim Graham
a1dcd82b28 [1.4.x] Updated six to 1.8.0. 
Backport of 81477c91f6 from master
 2014-11-04 21:30:21 -05:00
Tim Graham
486b6ca3bc [1.4.x] Post-release version bump. 2014-10-22 13:33:07 -04:00
James Bennett
151d6dbf9c [1.4.x] Bump version numbers for bugfix release. 1.4.16 2014-10-22 12:36:19 -04:00
Tim Graham
a92e386e26 [1.4.x] Added release dates to release notes. 
Backport of 9dc782b631 from master
 2014-10-22 12:25:45 -04:00
Tim Graham
643374bcf5 [1.4.x] Fixed #23631 -- Removed outdated note on MySQL timezone support. 
Thanks marfire for the report.

Backport of 9db3653670 from master
 2014-10-10 15:22:46 -04:00
Emmanuelle Delescolle
f58392d8d8 [1.4.x] Fixed #23604 -- Allowed related m2m fields to be references in the admin. 
Thanks Simon Charette for review.

Backport of a24cf21722 from master
 2014-10-06 09:08:45 -04:00
Tim Graham
df657a7682 [1.4.x] Required numpy < 1.9 for tests; refs #23489. 
Backport of 4743a94429 from stable/1.7.x
 2014-09-29 19:47:33 -04:00
Joseph Dougherty
3132edae41 [1.4.x] Fixed #23499 -- Error in built-in template tag "now" documentation 
Backport of ab8248361e0a7b4fc7684eaaa5891e16b8562683 from master.
 2014-09-17 09:26:45 +02:00
Claude Paroz
ba2be27613 [1.4.x] Fixed #20036 -- Improved GEOS version string parsing 
Thanks chikiro.spam at gmail.com for the report.
 2014-09-11 20:54:33 +02:00
Simon Charette
065caafa70 [1.4.x] Fixed #23431 -- Allowed inline and hidden references to admin fields. 
This fixes a regression introduced by the 53ff096982 security fix.

Thanks to @a1tus for the report and Tim for the review.

refs #23329.

Backport of 342ccbd from master
 2014-09-08 14:22:29 -04:00
Tim Graham
78085844a7 [1.4.x] Added dates to release notes. 
Backport of 0fd23545db from master
 2014-09-02 21:36:44 -04:00