Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
20,843 Commits 26 Branches 382 Tags
Commit Graph

8329 Commits

Author SHA1 Message Date
Tim Graham
6a0dc2176f [1.8.x] Added CVE-2018-7536,7 to the security release archive. 
Backport of 5bbbdd26d1ea4f3bb164ad64b0d0d458d8bfdd02 from master
 2018-03-06 13:10:07 -05:00
Tim Graham
1bdd9e5f5d [1.8.x] Added CVE-2018-6188 to the security release archive. 
Backport of 66119ed64233c3abe586606a9e81a75edc2a6a92 from master
 2018-03-06 13:09:57 -05:00
Tim Graham
d17974a287 [1.8.x] Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator. 
Thanks James Davis for suggesting the fix.
 2018-03-01 11:58:41 -05:00
Tim Graham
1ca63a66ef [1.8.x] Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters. 
Thanks Florian Apolloner for assisting with the patch.
 2018-03-01 11:58:41 -05:00
Tim Graham
10f11f2221 [1.8.x] Added stub release notes for security release. 2018-03-01 11:58:41 -05:00
Sergey Fedoseev
e0b3681838 [1.8.x] Fixed typo in docs/topics/testing/advanced.txt. 
Backport of 3922f02dc6b10a3268a710a2837027d3999957a3 from master
 2017-12-04 12:03:03 +01:00
Tim Graham
97dfc30f5b [1.8.x] Fixed #28802 -- Fixed typo in docs/topics/auth/default.txt. 
Backport of d392fc293c9439c19451e152f9560f24d1659563 from master
 2017-11-16 10:39:59 -05:00
Tim Graham
e3cf8d2e94 [1.8.x] Fixed #28561 -- Removed inaccurate docs about QuerySet.order_by() and joins. 
As of ccbba98131ace3beb43790c65e8f4eee94e9631c, both examples don't use
a join.

Backport of 44a6c27fd461e1d2f37388c26c629f8f170e8722 from master
 2017-09-06 19:33:36 -04:00
Tim Graham
5e5c056e0e [1.8.x] Added 2017-12794 to the security release archive. 
Backport of 79ae5811c7b06b6462f9411b6665241a4e98bedb from master
 2017-09-05 12:33:47 -04:00
Berker Peksag
16dfaa5f94 [1.8.x] Removed redundant backticks in docs/releases/1.8.txt 
Backport of 8d095c6378666e6d5f6cabc9e485c9db2618ff88 from master.
 2017-08-21 12:15:29 +02:00
Tim Graham
8781713fd7 [1.8.x] Fixed docs build with Sphinx 1.6. 
Backport of f370bfb10878918eae8db9985e0856949fa65d3a from master
 2017-05-24 12:15:07 -04:00
Tim Graham
7dc480e4f7 [1.8.x] Removed a docs workaround for an old Sphinx version. 
Backport of c315f9602418d2fcfe194b1ef2d0d7c325cac151 from master
 2017-05-24 11:53:15 -04:00
Tim Graham
8aee493bd4 [1.8.x] Corrected removal of deprecated sphinx.util.compat.Directive. 
Follow up to d2e39b20a9b1407f7b40598bd4caf234d8478af2
 2017-05-24 11:08:38 -04:00
Tim Graham
d2e39b20a9 [1.8.x] Removed usage of deprecated sphinx.util.compat.Directive. 
Backport of cb16458c4f91fe43b898b55b04fb177e914ac3af from master
 2017-05-24 10:55:06 -04:00
Tim Graham
0b9f366c60 [1.8.x] Added CVE-2017-7233,4 to the security release archive. 
Backport of b749c980a066a15b58b236656e57b66073a35a52 from master
 2017-04-04 21:53:50 -04:00
Tim Graham
8339277518 [1.8.x] Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs. 
This is a security fix.
 2017-03-28 12:57:34 -04:00
Tim Graham
4a6b945dff [1.8.x] Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve(). 
This is a security fix.
 2017-03-28 12:57:34 -04:00
Tim Graham
081c263dff [1.8.x] Added stub release notes for security release. 2017-03-28 12:57:33 -04:00
Mariusz Felisiak
998bc0ced2 [1.8.x] Refs #27924 -- Doc'd that cx_Oracle < 5.3 is required. 
Thanks Tim Graham for the review.

Backport of 46d602dcea624bef3fb6e1dbf71378d837c0957b from stable/1.10.x
 2017-03-11 22:17:05 +01:00
Tim Graham
b248f33130 [1.8.x] Removed deprecated html_translator_class sphinx config option. 
Backport of bacdfbf3d1eb23ff8e8110681728a5b467443446 and
e5d3f98abcdc20d64d99609bd0aa82331835b439 from master
 2017-01-23 10:24:45 -05:00
Tim Graham
0311b7e637 [1.8.x] Declared Sphinx extensions safe for parallel reading. 
Backport of 03306a187ec3bb5e2592728a900d4a41185f9e30 from master
 2017-01-23 10:24:17 -05:00
Tim Graham
c9ba3450bd [1.8.x] Fixed #27616 -- Fixed incorrect vary_on_headers() example. 
Backport of 5e239ae907291d07a3fcf9329f83c27fa6d72981 from master
 2016-12-20 08:30:54 -05:00
Tim Graham
b2fff69aa6 [1.8.x] Added release date for 1.8.17. 
Backport of 9ea9686532336caefcd5fedb76ad9a68a512d243 from master
 2016-12-01 17:16:55 -05:00
Mariusz Felisiak
32f50999cd [1.8.x] Fixed #27420 -- Quoted the Oracle test user password in queries. 
Backport of c4b04e1598c4325454c808183dce17b284ed9e28 from master
 2016-11-08 16:45:12 -05:00
Tim Graham
90c61538ba [1.8.x] Added CVE-2016-9013,14 to the security release archive. 
Backport of b8ae2c16cfc4bf88c1720eafd8e35438181a7413 from master
 2016-11-01 10:48:58 -04:00
Tim Graham
c401ae9a7d [1.8.x] Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True. 
This is a security fix.
 2016-10-25 15:27:45 -04:00
Marti Raudsepp
70f9995296 [1.8.x] Fixed CVE-2016-9013 -- Generated a random database user password when running tests on Oracle. 
This is a security fix.
 2016-10-25 14:24:11 -04:00
Tim Graham
33bf6220e2 [1.8.x] Added stub release notes for 1.8.16. 2016-10-25 13:56:26 -04:00
Tim Graham
aba8f2b501 [1.8.x] Fixed #27342 -- Corrected QuerySet.update_or_create() example. 
Backport of 51b83d9e5113ea5b81d04f4d117bd5acd3c1b822 from master
 2016-10-13 11:03:38 -04:00
Tim Graham
3141b79d26 [1.8.x] Fixed #27307 -- Added missing url names in sitemaps docs. 
Backport of fe1aee6b98d2a94ecc983463938135d192ef9afc from master
 2016-10-03 16:05:56 -04:00
Alasdair Nicol
6e24eeef60 [1.8.x] Fixed 27283 -- Fixed typo in 1.8 release notes. 
Backport of 32031718320e1b4d708b15d8c67738e4c77c9bc7 from master
 2016-09-28 06:51:42 -04:00
Tim Graham
d5430a5ff9 [1.8.x] Added CVE-2016-7401 to the security release archive. 
Backport of 6fe846a8f08dc959003f298b5407e321c6fe3735 from master
 2016-09-26 18:30:31 -04:00
Tim Graham
47f5d799b2 [1.8.x] Added a CVE role for Sphinx. 
Backport of a46742e738b91f79dd7b2e6ecba6dd1604e14d05 from master
 2016-09-26 18:30:16 -04:00
Collin Anderson
6118ab7d06 [1.8.x] Fixed CVE-2016-7401 -- Fixed CSRF protection bypass on a site with Google Analytics. 
This is a security fix.

Backport of "refs #26158 -- rewrote http.parse_cookie() to better match
browsers." 93a135d111c2569d88d65a3f4ad9e6d9ad291452 from master
 2016-09-14 13:42:24 -04:00
Tim Graham
717aa88439 [1.8.x] Fixed #26807 -- Documented how to replicate SubfieldBase's assignment behavior. 
Backport of 518eaf1fa2d86dc1b0ba7adba22b30bcc8f3a497 from master
 2016-08-18 21:09:12 -04:00
Naved Khan
7665a52161 [1.8.x] Fixed #26941 -- Corrected uwsgi "env = LANG=…" configuration in docs. 
Backport of 9a5a789da2b53a9c19ea47130507ce26839eb008 from master
 2016-07-25 07:01:32 -04:00
Tim Graham
2deed2ea08 [1.8.x] Added CVE-2016-6186 to the security release archive. 
Backport of bc53af13cbf09b0cbac945426c2d51d0ca52fff3 from master
 2016-07-18 15:20:55 -04:00
Tim Graham
f68e5a9916 [1.8.x] Fixed XSS in admin's add/change related popup. 
This is a security fix.
 2016-07-18 13:45:11 -04:00
Marissa Zhou
358ae4a687 [1.8.x] Fixed #24796 -- Moved SecurityMiddleware in MIDDLEWARE_CLASSES docs. 
Partial backport of 8b1f39a727be91aab40bdb37235718ed63ae1d50 from master
 2016-07-18 07:57:00 -04:00
Jon Dufresne
8edfdddbc8 [1.8.x] Fixed #26889 -- Fixed missing PostgreSQL index in SchemaEditor.add_field(). 
Backport of 2e4cfcd2b9a0984ad6c4087a5deebbf33413835c from master
 2016-07-13 22:15:43 -04:00
Romain Garrigues
2a49d8e9b2 [1.8.x] Fixed #25461 -- Corrected meta API code examples to account for MTI. 
In the case of multiple-table inheritance models, get_all_related_objects() and
get_all_related_objects_with_model() don't return the auto-created
OneToOneField, but the new examples didn't account for this.

Backport of 8be84e2ac42b2556fd6fa07794b3708b143ef341 from master
 2016-07-06 09:28:58 -04:00
Taylor Edmiston
787675789c [1.8.x] Fixed typo in docs/topics/class-based-views/generic-display.txt 
Backport of 43d0345fe11624d6b4fd960139ff653451b4f147 from master
 2016-07-06 08:49:17 -04:00
Krzysztof Jurewicz
be5dfde7c2 [1.8.x] Fixed #26774 -- Corrected value of default_zoom in GeoModelAdmin doc 
Backport of 6dd4d2709bfe427c05842c0269860ef95a0b4f00 from master
 2016-06-17 14:03:52 +02:00
Berker Peksag
ba29dfb191 [1.8.x] Fixed #21588 -- Corrected handler initialization in "modifying upload handlers" example. 
Backport of 8f50ff5b15a742f345dade0848a3fbbf2aff629d from master
 2016-06-09 12:52:44 -04:00
Tim Graham
0f12924eb5 [1.8.x] Updated release notes links to prevent warnings with Sphinx 1.4.2. 
Backport of 149ace94dfc10504a0e69462c7737f5ce05340a4 from master
 2016-06-02 11:50:26 -04:00
Tim Graham
8346d2b633 [1.8.x] Ignored new warnings when building the docs with Sphinx 1.4. 
Backport of af3273757397fa88163174546f2b620d7b4837ed from master
 2016-06-02 11:30:49 -04:00
Florian Apolloner
d4ad28dbdd [1.8.x] Fixed a typo in the docs. 
Backport of 62e4f8ec435a4b600c8efb071201070a2443477e from master.
 2016-05-31 16:57:31 +02:00
Berker Peksag
4295848868 [1.8.x] Fixed #26503 -- Removed an outdated example from session docs. 
Backport of 698c8dfc2a5c5865a8bb163c1ae70b75d53e6415 from master
 2016-05-31 07:21:23 -04:00
Sergey Fedoseev
17a7ca283f [1.8.x] Fixed typo in docs/topics/forms/modelforms.txt 
Backport of 26794f6657a9d201d47a0748a449a94ad5d7c66e from master
 2016-05-27 10:31:57 -04:00
MariKiev
4f50139692 [1.8.x] Added imports to docs/topics/db/aggregation.txt example. 
Backport of 30d110ef43d8a3c50ea8ec4e4fe49bd2bb859530 from master
 2016-05-25 09:57:55 -04:00