Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
12,042 Commits 26 Branches 382 Tags
Commit Graph

12042 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
James Bennett
30eb916bdb [1.4.x] Bump version info and add release notes for 1.4.10. 1.4.10 2013-11-06 08:17:26 -06:00
Florian Apolloner
848a759474 Fixed #21362 -- Restored Python 2.5 compatibility. 2013-11-02 18:18:18 +01:00
Aymeric Augustin
b149d1fcd6 Merge pull request #1837 from loic/django14 
Fixed SyntaxError on Python 2.5 caused by a @unittest.skipIf class decoration.
 2013-11-01 01:21:34 -07:00
Loic Bistuer
7984b58e78 Fixed SyntaxError on Python 2.5 caused by a @unittest.skipIf class decoration. 2013-11-01 03:35:29 +07:00
Paolo Melchiorre
d491702ed7 [1.4.x] Fixed typo in docs/releases/1.4.9.txt. 
Backport of 3b0293370a from master
 2013-10-25 07:55:50 -04:00
Tim Graham
11b750b031 [1.4.x] Bump version post-release. 2013-10-25 07:54:10 -04:00
James Bennett
8f36d1fd95 [1.4.x] Bump everything for 1.4.9 bugfix release. 1.4.9 2013-10-24 23:37:26 -05:00
Tim Graham
3a46f621fe [1.4.x] Bumped release date for 1.5.5 & 1.4.9. 
Backport of 4ce5c119b5 from master
 2013-10-23 18:29:53 -04:00
Shai Berger
6de3726423 Fixed #13245: Explained Oracle's behavior w.r.t db_table 
and how to prevent table-name truncation

Thanks russellm & timo for discussion, and timo for review.

Backported from master 317040a73b77be8f8210801793b2ce6d1a69301e
 2013-10-23 15:05:05 +03:00
Tim Graham
ead7c496a4 [1.4.x] Added 1.4.9 release notes 
Backport of 2eb8f15516 from master
 2013-10-22 20:25:20 -04:00
Florian Apolloner
c4f29c91f9 [1.4.x] Fixed #21253 -- PBKDF2 with cached HMAC key 
This gives a 2x speed increase compared to the existing implementation.

Thanks to Steve Thomas for the initial patch and Tim Graham for finishing it.

Backport of 1e4f53a6eb8d1816e51eb8bd8f95e704f6b89ead from master.
 2013-10-21 20:03:12 +02:00
Aymeric Augustin
ea04c81d37 [1.4.x] Fixed #21256 -- Error in datetime_safe.datetime.combine. 
Backport of d9b6fb8 from master
 2013-10-13 19:11:59 +02:00
Anssi Kääriäinen
037ec1054c [1.4.x] Fixed #21248 -- Skipped test_bcrypt if no py-bcrypt found 
Pre 1.6 Django worked only with py-bcrypt, not with bcrypt. Skipped
test_bcrypt when using bcrypt to avoid false positives.

Backpatch of 9f8a36eb20895d9e542820d5190bfa77ad1b85d9 from stable/1.5.x.
 2013-10-09 14:44:43 +03:00
Florian Apolloner
e2403db95a [1.4.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation. 
Thanks go to Michael Gebetsroither for pointing out this issue and help on
the patch.

Backport of 68540fe4df44492571bc610a0a043d3d02b3d320 from master.
 2013-09-24 21:20:19 +02:00
Florian Apolloner
0317edf0c7 Revert "[1.4.x] Ensure that passwords are never long enough for a DoS." 
This reverts commit 3f3d887a6844ec2db743fee64c9e53e04d39a368.

This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
 2013-09-24 21:19:20 +02:00
Tim Graham
ca77e38d24 [1.4.x] Cleaned up 1.4.8 release notes 
Backport of 8d29005524 from master
 2013-09-15 14:29:40 -04:00
Tim Graham
efee30e6b0 [1.4.x] Bump version post-release. 2013-09-15 12:59:10 -04:00
Claude Paroz
629813a804 [1.4.x] Fixed geos test to prevent random failure 
Points in the test fixtures have 20 as max coordinate.

Backport of 87854b0bdf354059f949350a4d63a0ed071d564c from master.
 2013-09-15 11:45:16 +02:00
Russell Keith-Magee
6903d1690a [1.4.x] Removed usage of b"" string syntax for Python 2.5 compatibility. 
Refs commit 3f3d887a6844ec2db743fee64c9e53e04d39a368.
1.4.8 		2013-09-15 14:02:38 +08:00
James Bennett
3ffc7b52f8 [1.4.x] Add release notes and bump version numbers for 1.4.8 security release. 2013-09-14 23:53:07 -06:00
Russell Keith-Magee
3f3d887a68 [1.4.x] Ensure that passwords are never long enough for a DoS. 
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
 * Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.

Backport of aae5a96d5754ad34e48b7f673ef2411a3bbc1015 from master.
 2013-09-15 13:49:16 +08:00
Tim Graham
75d2bcda10 Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth 
Thanks Collin Anderson for the report.

Backport of 425d076d0c from master
 2013-09-13 10:18:55 -04:00
Tim Graham
cca302cde6 [1.4.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH. 
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.

Backport of da843e7dba from master
 2013-09-11 08:18:56 -04:00
Florian Apolloner
434d122a74 Merge pull request #1616 from loic/fix1.4 
Fixed failing test introduced by 87d2750b39.
 2013-09-11 04:30:45 -07:00
Tim Graham
fba6af5a1e [1.4.x] Bump version post-release. 2013-09-11 07:06:09 -04:00
Loic Bistuer
3203f684e8 Fixed failing test introduced by 87d2750b39. 
The {% ssi %} tag in Django 1.4 doesn't support spaces in its argument.
Skip the test if run from a location that contains a space.
 2013-09-11 18:05:39 +07:00
James Bennett
701c1a11bc [1.4.x] Bump version numbers for 1.4.7 security release. 1.4.7 2013-09-10 20:15:38 -05:00
Tim Graham
d1dc8a0d00 Added 1.4.7 release notes 
Backport of baec6a26dd from master
 2013-09-10 21:09:47 -04:00
Tim Graham
87d2750b39 [1.4.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths. 
Thanks Rainer Koirikivi for the report and draft patch.

This is a security fix; disclosure to follow shortly.

Backport of 7fe5b656c9 from master
 2013-09-10 21:05:47 -04:00
Садовский Николай
9ab7ed9b72 [1.4.x] Fixed #20707 -- Added explicit quota assignment to Oracle test user 
To enable testing on Oracle 12c
 2013-09-09 15:13:18 +03:00
Shai Berger
7826824aef [1.4.x] Fixed #20907 - Test failure on Oracle 
Backport of the Oracle-specific part of commit a18e43c5bb8cb7c82
from master. This commit made get_indexes more consistent across
backends.

Thanks Tim Graham for pointer to the commit, akaariai and ikelly
for the original commit.
 2013-08-18 01:45:01 +03:00
Shai Berger
d9dc98159d [1.4.x] Fixed #20904: Test failure on Oracle 
Just skip the failing test, the failure isn't really relevant; also,
both the test and the reason for its failure were removed in 1.5.

Thanks Tim Graham for advice on 1.5.
 2013-08-17 23:12:01 +03:00
Luke Plant
d5da495a2e [1.4.x] Fixed #20906 -- Fixed a dependence on set-ordering in tests 
Backport of 1ae64e96c1 from master
 2013-08-16 17:55:08 -04:00
Anssi Kääriäinen
bf611f14ec [1.4.x] Fixed #20905 -- Fixed an Oracle-specific test case failure 
Made a test checking ORM-generated query string case-insensitive.

Backport of ee0a7c741e from master
 2013-08-16 12:23:05 -04:00
Florian Apolloner
08e5fcb3e6 Fixed regression in validation tests since example.com is available via https now. 2013-08-13 22:34:52 +02:00
Jacob Kaplan-Moss
0d4ef66f7c Bump version post-release. 2013-08-13 12:16:41 -05:00
Tim Graham
d77ce64fe8 [1.4.x] Removed 1.5.2 release notes 2013-08-13 13:15:54 -04:00
Jacob Kaplan-Moss
506913cdd8 Stole the Makefile for building packages from master. 2013-08-13 11:24:46 -05:00
Tim Graham
e61e20e497 Added 1.4.6/1.5.2 release notes. 1.4.6 2013-08-13 11:18:07 -05:00
Jacob Kaplan-Moss
30e17be1f6 Bumped version numbers for 1.4.6. 2013-08-13 11:09:05 -05:00
Jacob Kaplan-Moss
ec67af0bd6 Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S. 
This is a security fix; disclosure to follow shortly.
 2013-08-13 11:00:13 -05:00
Tim Graham
b50be6857c [1.4.x] Added missing release notes for older versions of Django 
Backport of 3f6cc33cff from master
 2013-08-12 14:11:10 -04:00
Tim Graham
8af0b1afd2 [1.4.x] Added a bugfix in docutils 0.11 -- docs will now build properly. 
Backport of a3a59a3197 from master
 2013-07-31 10:14:38 -04:00
SusanTan
ed6ec47ff7 [1.4.x] Fixed #20779 -- Documented AdminSite.app_index_template; refs #8498. 
Thanks CollinAnderson for the report.

Backport of 7de35a9ef3 from master
 2013-07-31 07:09:52 -04:00
mark hellewell
f3a961f009 [1.4.x] Fixed #18315 -- Documented QueryDict.popitem and QueryDict.pop 
Thanks gcbirzan for the report.

Backport of 8c9240222f from master
 2013-07-25 11:09:25 -04:00
Brenton Cleeland
eda39fe704 [1.4.x] Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs. 
Thanks simonb for the report.

Backport of dab52d99fc from master
 2013-07-25 07:39:53 -04:00
Matt Deacalion Stevens
dfe36f10df [1.4.x] Atom specification URL updated 
Changed to the URL of the official RFC for Atom, since Atomenabled.org
is just a holding page.

Backport of beefc97171 from master
 2013-07-18 08:48:11 -04:00
Tim Graham
6b4b18e7e2 [1.4.x] Fixed #20756 -- Typo in uWSGI docs. 
Backport of a3242dc9fe from master
 2013-07-17 06:51:48 -04:00
Tim Graham
288d70fccc [1.4.x] Fixed #20730 -- Fixed "Programmatically creating permissions" error. 
Thanks glarrain for the report.

Backport of 684a606a4e from master
 2013-07-11 11:10:26 -04:00
Tim Graham
e8971345b4 [1.4.x] Fixed #19196 -- Added test/requirements 
Backport of 4d92a0bd86 from master
 2013-07-10 12:12:15 -04:00