Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
26,100 Commits 26 Branches 382 Tags
Commit Graph

10821 Commits

Author SHA1 Message Date
Carlton Gibson
df59146825 [2.1.x] Removed issue reporter name from 2.1.15 release notes. 
Backport of 368b8d20aaa16f0ef763759a0a87d986ef460584 from master
 2019-12-02 10:04:16 +01:00
Carlton Gibson
2fc998e3ba [2.1.x] Added release date for 2.1.15. 
Backport of e31d1852671866f6e52d55f9b7925ecad711fcf5 from master
 2019-12-02 09:14:54 +01:00
Carlton Gibson
103ebe2b5f Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin. 
Thank you to Shen Ying for reporting this issue.
 2019-12-02 08:58:35 +01:00
Mariusz Felisiak
f57f81a7fe [2.1.x] Refs #30953 -- Added 2.1.15 release note for 0107e3d1058f653f66032f7fd3a0bd61e96bf782. 
Backport of 39e39d0ac1b720e7460ec8ccf45926c78edb2047 from master
 2019-12-02 08:19:18 +01:00
Mariusz Felisiak
015fab76ad [2.1.x] Fixed #30953 -- Made select_for_update() lock queryset's model when using "self" with multi-table inheritance. 
Thanks Abhijeet Viswa for the report and initial patch.

Backport of 0107e3d1058f653f66032f7fd3a0bd61e96bf782 from master.
 2019-12-02 08:13:13 +01:00
Sergey Fedoseev
ed50f6c424 [2.1.x] Made versionadded/versionchanged annotations without a content end with ".". 
Regression in d2afa5eb2308e672b6313876856e32e2561b90f3.
Backport of 5032556483f16b0b5f182e393eb5c6548fc505be from master
 2019-11-21 09:04:30 +01:00
Mariusz Felisiak
0423ea1fa8 [2.1.x] Added stub release notes for 2.1.15. 
Backport of e9def97d1095efed15a109d82fe0498ebd56fa04 from master
 2019-11-19 12:45:25 +01:00
Mariusz Felisiak
341b2aa658 [2.1.x] Added release dates for 2.1.14 and 1.11.26. 
Backport of 126cfefce2b59900138f2bf1ef6ad966cddc55d4 from master
 2019-11-04 08:28:19 +01:00
Louise Grandjonc
522af9d673 [2.1.x] Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform. 
Regression in 6c3dfba89215fc56fc27ef61829a6fff88be4abb.

Backport of 7d1bf29977bb368d7c28e7c6eb146db3b3009ae7 from master.
 2019-10-11 11:57:16 +02:00
Mariusz Felisiak
608b787135 [2.1.x] Added stub release notes for 1.11.26 and 2.1.14. 
Backport of 84322a29ce9b0940335f8ab3d60e55192bef1e50 from master
 2019-10-02 07:56:33 +02:00
Carlton Gibson
27e7e1c8ee [2.1.x] Added release dates for 2.1.13, and 1.11.25. 
Backport of 3826aed46d7d4310c2ab6777a4f92165ca4d8d4f from master.
 2019-10-01 09:00:01 +02:00
David Vaz
1556a67c65 [2.1.x] Fixed #30216 -- Doc'd that BooleanField is no longer blank=True in Django 2.1. 
Backport of a6972e88547ad5a51592f2b6d5046754c4b59394 from stable/2.2.x
 2019-09-27 13:02:08 +02:00
Simon Charette
db181f4b7c [2.1.x] Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation. 
This was a regression introduced by 7deeabc7c7526786df6894429ce89a9c4b614086
to address CVE-2019-14234.

Thanks Tim Kleinschmidt for the report and Mariusz for the tests.

Backport of 6c3dfba89215fc56fc27ef61829a6fff88be4abb from master.
 2019-09-16 08:55:16 +02:00
Mariusz Felisiak
0cdd27de1a [2.1.x] Added stub release notes for 1.11.25 and 2.1.13. 
Backport of bd7e0f81f8590eadcb820c976ba03c9b75bbcad6 from master
 2019-09-16 07:44:19 +02:00
Mariusz Felisiak
df853647d7 [2.1.x] Added release dates for 2.1.12 and 1.11.24. 
Backport of 47f49adc11c0d39be3f41f92becc1f606c49d8ce from master.
 2019-09-02 07:46:49 +02:00
Mariusz Felisiak
968b9af9b7 [2.1.x] Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params. 
Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387.

Thanks Florian Apolloner for the report and helping with tests.

Backport of 1f8382d34d54061eddc41df6994e20ee38c60907 from master.
 2019-08-14 15:37:01 +02:00
Carlton Gibson
46c2856543 [2.1.x] Added CVE-2019-14235 to security release archive. 
Backport of a5652eb795e896df0c0f2515201f35f9cd86b99b from master
 2019-08-01 12:06:02 +02:00
Carlton Gibson
8403afd843 [2.1.x] Added CVE-2019-14234 to security release archive. 
Backport of 3a6a2f5eaf74200a9591a6311fdb0ea78ee305ee from master
 2019-08-01 12:05:56 +02:00
Carlton Gibson
8ffd075373 [2.1.x] Added CVE-2019-14233 to security release archive. 
Backport of 9600f63885d2d240f85d59bff6acbe200f890298 from master
 2019-08-01 12:05:49 +02:00
Carlton Gibson
dbecd71e43 [2.1.x] Added CVE-2019-14232 to the security release archive. 
Backport of 87750787d1e464b7143f366d9485ba20fefc9c94 from master
 2019-08-01 12:05:42 +02:00
Florian Apolloner
5d50a2e5fa [2.1.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri(). 
Thanks to Guido Vranken for initial report.
 2019-07-31 12:43:32 +02:00
Mariusz Felisiak
f74b3ae362 [2.1.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection. 
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
 2019-07-31 12:43:32 +02:00
Florian Apolloner
5ff8e79114 [2.1.X] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities. 
Thanks to Guido Vranken for initial report.
 2019-07-29 11:12:53 +02:00
Florian Apolloner
c23723a155 [2.1.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML. 
Thanks to Guido Vranken for initial report.
 2019-07-29 11:09:18 +02:00
Carlton Gibson
24eba901eb [2.1.x] Added stub release notes for security releases. 
Backport of f13147c8de725eed7038941758469aeb9bd66503 from master
 2019-07-25 10:54:51 +02:00
Mariusz Felisiak
765dac3d76 [2.1.x] Added CVE-2019-12781 to the security release archive. 
Backport of 868cd56f058ca203419ad0886353173b74c3bcf1 from master
 2019-07-01 10:21:48 +02:00
Carlton Gibson
1e40f427bb [2.1.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.

Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
 2019-07-01 08:24:47 +02:00
Mariusz Felisiak
87be9c9626 [2.1.x] Added stub release notes for security releases. 
Backport of 30b3ee9d0b33bb440f9c73d1ce9e0e7303887a9f from master
 2019-07-01 07:04:03 +02:00
Nick Pope
d58f8e4235 [2.1.x] Added CVE-2019-12308 to the security release archive. 
Backport of 21b1d239125f1228e579b1ce8d94d4d5feadd2a6 from master
 2019-06-03 21:46:58 +02:00
Nick Pope
8827e09944 [2.1.x] Added CVE-2019-11358 to the security release archive. 
Backport of 8fb0ea55830321852a4a051a478f78e24d4f6889 from master
 2019-06-03 21:46:54 +02:00
Mariusz Felisiak
73158f19f1 [2.1.x] Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes. 
Backport of 100ec901aebebe56b61f101af38a228414098dd5 from master
 2019-06-03 14:12:40 +02:00
Carlton Gibson
95649bc085 [2.1.x] Applied jQuery patch for CVE-2019-11358. 
Backport of 34ec52269ade54af31a021b12969913129571a3f from master.
 2019-06-03 11:39:15 +02:00
Carlton Gibson
09186a13d9 [2.1.x] Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link. 
Backport of deeba6d92006999fee9adfbd8be79bf0a59e8008 from master.
 2019-06-03 11:37:57 +02:00
Carlton Gibson
f6e2b556e0 [2.1.x] Added stub release notes for security releases. 
Backport of 98c0fe19ee2cba9726708ac9336e1dc0d43cca69 from master
 2019-06-03 10:51:40 +02:00
Tim Graham
fb2b4253f9 [2.1.x] Refs #27807 -- Removed docs for User.username_validator. 
The new override functionality claimed in refs #21379 doesn't work.
Forwardport of 714fdbaa7048c2321f6238d9421137c33d9af7cc from stable/1.10.x.
 2019-04-07 20:03:54 -04:00
Mariusz Felisiak
0a8617a5b1
[2.1.x] Refs #30331 -- Doc'd that psycopg2 < 2.8 is required. 2019-04-05 12:06:04 +02:00
Tim Graham
aafdf62921 [2.1.x] Fixed #30289 -- Prevented admin inlines for a ManyToManyField's implicit through model from being editable if the user only has the view permission. 
Backport of 8335d59200e4c64dfe3348ea93989d95e0107439 from master.
 2019-03-30 17:56:50 -04:00
Tim Graham
6bfad83c2a [2.1.x] Added stub 2.1.8 release notes. 
Backport of e245046bb6e8b32360aa48b8a41fb7050f0fc730 from master
 2019-03-30 13:04:45 -04:00
Tim Graham
28fb3ea827 [2.1.x] Fixed #30277 -- Fixed broken links to packaging.python.org. 
Backport of 8f1cc7e9e61758475ddd6586e0fede4af1ca0e8d from master.
 2019-03-21 10:08:29 -04:00
Tobias Bengfort
4fd6e09fdc [2.1.x] Clarified permission-related docs. 
Backport of 632d4861ddb99a2c9d11642fcfa4ad542b427d6b from master
 2019-02-28 15:29:32 +01:00
Tim Graham
0c295a7570 [2.1.x] Refs #29683 -- Updated multi-db docs for view permission. 
Backport of 50f09264ae8ab04824fcc6554e8c184378ad2f81 from master
 2019-02-25 14:57:27 -05:00
Mariusz Felisiak
7514a6cc95
[2.1.x] Fixed documentation of database representation for ManyToManyField. 
Backport of b0799f5d86b6c0ccb1dcba6e0d2eee336f7f5928 from master
 2019-02-25 20:10:22 +01:00
Mariusz Felisiak
8fe63dc4cd
[2.1.x] Fixed #30187 -- Moved "install Django" command to a console box. 
Backport of edec11ce86a1a0d9e4c5a2a0df6acaf655041c24 from master.
 2019-02-16 08:10:14 +01:00
Tim Graham
e1b55f2d3f [2.1.x] Added CVE-2019-6975 to the security release archive. 
Backport of d6e5aad5c7eba3d8061c09902de16cd2b22619af from master.
 2019-02-11 16:14:58 -05:00
Tim Graham
5c2b94af2a [2.1.x] Refs #30177 -- Forwardported 2.0.13 release notes. 
Backport of 1b8f552b08eb7642be598ba7512e7eaecefbdc6d from master.
 2019-02-11 15:55:12 -05:00
Carlton Gibson
168bfdd92b [2.1.x] Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases. 
Backport of b39bd0aa6d5667d6bbcf7d349a1035c676e3f972 from master
 2019-02-11 15:48:23 +01:00
Carlton Gibson
40cd190557 [2.1.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format(). 
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.

Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master
 2019-02-11 11:11:55 +01:00
Mariusz Felisiak
657bbb139a
[2.1.x] Removed extra characters in docs header underlines. 
Backport of 25829197bb94585e94695360065ac614aa9e6a56 from master
 2019-02-08 21:41:10 +01:00
Carlton Gibson
5e5ecadaa3 [2.1.x] Added stub release notes for security releases. 
Backport of 5cc6f02f91e8860c867cc68cf42e66b5bb54c63d from master
 2019-02-07 15:49:51 +01:00
Daniel Hahler
893b80d95d [2.1.x] Fixed duplicate word in docs/releases/2.0.txt. 
Backport of fdc4518fe296c169cf54f23fdad2e0fc8785c059 from master.
 2019-02-04 18:30:48 -05:00