24384 Commits

Author SHA1 Message Date
Carlton Gibson
b73bb46d42 [1.11.x] Post-release version bump. 2019-10-01 10:06:53 +02:00
Carlton Gibson
81f0da91fb [1.11.x] Bumped version for 1.11.25 release. 1.11.25 2019-10-01 09:54:07 +02:00
Carlton Gibson
9d2916faf5 [1.11.x] Added release date for 1.11.25.
Backport of 3826aed46d7d4310c2ab6777a4f92165ca4d8d4f from master.
2019-10-01 09:01:51 +02:00
Simon Charette
fd393907c9 [1.11.x] Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7526786df6894429ce89a9c4b614086
to address CVE-2019-14234.

Thanks Tim Kleinschmidt for the report and Mariusz for the tests.

Backport of 6c3dfba89215fc56fc27ef61829a6fff88be4abb from master.
2019-09-16 09:05:48 +02:00
Mariusz Felisiak
30c3d5fd73 [1.11.x] Added stub release notes for 1.11.25.
Backport of bd7e0f81f8590eadcb820c976ba03c9b75bbcad6 from master
2019-09-16 07:45:42 +02:00
Mariusz Felisiak
f213c4c406 [1.11.x] Post-release version bump. 2019-09-02 09:02:39 +02:00
Mariusz Felisiak
4c049c805a [1.11.x] Bumped version for 1.11.24 release. 1.11.24 2019-09-02 08:45:34 +02:00
Mariusz Felisiak
835b62a588 [1.11.x] Added release date for 1.11.24.
Backport of 47f49adc11c0d39be3f41f92becc1f606c49d8ce from master.
2019-09-02 07:49:10 +02:00
Mariusz Felisiak
473c526b1b [1.11.x] Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387.

Thanks Florian Apolloner for the report and helping with tests.

Backport of 1f8382d34d54061eddc41df6994e20ee38c60907 from master.
2019-08-14 15:58:10 +02:00
Carlton Gibson
3deda1f680 [1.11.x] Added CVE-2019-14235 to security release archive.
Backport of a5652eb795e896df0c0f2515201f35f9cd86b99b from master
2019-08-01 12:07:11 +02:00
Carlton Gibson
738b45dd3b [1.11.x] Added CVE-2019-14234 to security release archive.
Backport of 3a6a2f5eaf74200a9591a6311fdb0ea78ee305ee from master
2019-08-01 12:07:06 +02:00
Carlton Gibson
7482d25f1e [1.11.x] Added CVE-2019-14233 to security release archive.
Backport of 9600f63885d2d240f85d59bff6acbe200f890298 from master
2019-08-01 12:07:00 +02:00
Carlton Gibson
ba791617e0 [1.11.x] Added CVE-2019-14232 to the security release archive.
Backport of 87750787d1e464b7143f366d9485ba20fefc9c94 from master
2019-08-01 12:06:54 +02:00
Carlton Gibson
1e6a5b0001 [1.11.x] Post-release version bump. 2019-08-01 10:46:21 +02:00
Carlton Gibson
974897759e [1.11.x] Bumped version for 1.11.23 release. 1.11.23 2019-08-01 10:43:51 +02:00
Florian Apolloner
869b34e9b3 [1.11.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
2019-07-31 21:29:17 +02:00
Mariusz Felisiak
ed682a24fc [1.11.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-07-31 21:29:17 +02:00
Florian Apolloner
52479acce7 [1.11.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-07-29 11:20:43 +02:00
Florian Apolloner
42a66e9690 [1.11.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-07-29 11:18:34 +02:00
Carlton Gibson
693046e54b [1.11.x] Added stub release notes for security releases.
Backport of f13147c8de725eed7038941758469aeb9bd66503 from master.
2019-07-25 10:58:17 +02:00
Mariusz Felisiak
6d054b5a8f [1.11.x] Added CVE-2019-12781 to the security release archive.
Backport of 868cd56f058ca203419ad0886353173b74c3bcf1 from master
2019-07-01 10:24:29 +02:00
Mariusz Felisiak
7c849b9e3b [1.11.x] Post-release version bump. 2019-07-01 08:47:34 +02:00
Mariusz Felisiak
480380c993 [1.11.x] Bumped version for 1.11.22 release. 1.11.22 2019-07-01 08:43:35 +02:00
Carlton Gibson
32124fc41e [1.11.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.

Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master.
2019-07-01 08:40:19 +02:00
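The commit message above describes the behavioural change behind CVE-2019-12781 but does not show it. The following is an added example, not Django's own code: it models `HttpRequest.scheme` resolution before and after the fix with a plain dict standing in for `request.META`, and a small stand-in for the `SECURE_SSL_REDIRECT` decision. The header name `HTTP_X_FORWARDED_PROTO`, the secure value `https`, and the `wsgi.url_scheme` fallback are illustrative assumptions about a typical deployment.

```python
# Added example (not Django code): models the CVE-2019-12781 behaviour change.
# SECURE_PROXY_SSL_HEADER is the (META key, secure value) pair; the assumed
# values below are illustrative, not taken from the commit.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")


def _connection_scheme(meta):
    """Scheme of the proxy-to-Django hop (what WSGIRequest._get_scheme reads)."""
    return meta.get("wsgi.url_scheme", "http")


def scheme_before_fix(meta, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Pre-fix logic: the header is consulted only when it holds the secure
    value; any other value falls through to the proxy-to-Django scheme."""
    header, secure_value = proxy_header
    if meta.get(header) == secure_value:
        return "https"
    return _connection_scheme(meta)


def scheme_after_fix(meta, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Post-fix logic: when the header is present it alone decides the scheme;
    the connection scheme is used only when the header is absent."""
    header, secure_value = proxy_header
    header_value = meta.get(header)
    if header_value is not None:
        return "https" if header_value == secure_value else "http"
    return _connection_scheme(meta)


def should_redirect_to_https(meta, resolve_scheme, secure_ssl_redirect=True):
    """Stand-in for the SECURE_SSL_REDIRECT decision: redirect when the
    resolved scheme is not https."""
    return secure_ssl_redirect and resolve_scheme(meta) != "https"


# Constructed scenario from the commit message: the client spoke plain HTTP to
# the proxy (header says "http"), but the proxy forwards to Django over HTTPS.
CLIENT_HTTP_VIA_TLS_PROXY = {
    "wsgi.url_scheme": "https",
    "HTTP_X_FORWARDED_PROTO": "http",
}

# Constructed scenario: header missing entirely, plain HTTP to Django.
NO_HEADER_PLAIN_HTTP = {"wsgi.url_scheme": "http"}


def compare():
    """Return (before, after) decisions for the problematic scenario."""
    before = should_redirect_to_https(CLIENT_HTTP_VIA_TLS_PROXY, scheme_before_fix)
    after = should_redirect_to_https(CLIENT_HTTP_VIA_TLS_PROXY, scheme_after_fix)
    return before, after


if __name__ == "__main__":
    print("redirect before fix, after fix:", compare())
```

The scenario that mattered is the TLS hop between proxy and Django: before the fix the non-secure header value was ignored and `wsgi.url_scheme` reported `https`, so the redirect never fired. The fix keeps the usual caveat intact: `SECURE_PROXY_SSL_HEADER` is only safe when the proxy is guaranteed to overwrite or strip the client-supplied header, since the header value is now trusted whenever it is present.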
Mariusz Felisiak
58553bb297 [1.11.x] Added stub release notes for security releases.
Backport of 30b3ee9d0b33bb440f9c73d1ce9e0e7303887a9f from master
2019-07-01 07:05:49 +02:00
Mariusz Felisiak
bc5febec4e [1.11.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
Backport of 4305fbe8b11f44ab5d6759346488026c1e9677b2 from master.
2019-06-30 20:21:27 +02:00
Markus Holtermann
790696836f [1.11.x] Bumped minimum ESLint version to 4.18.2.
Backport of ad7b438002f1ab2a0ccb321012182991737ea84e from master.
2019-06-21 18:18:36 +02:00
Nick Pope
341f44448c [1.11.x] Added CVE-2019-12308 to the security release archive.
Backport of 21b1d239125f1228e579b1ce8d94d4d5feadd2a6 from master
2019-06-03 21:47:37 +02:00
Nick Pope
9f8bed5bdf [1.11.x] Added CVE-2019-11358 to the security release archive.
Backport of 8fb0ea55830321852a4a051a478f78e24d4f6889 from master
2019-06-03 21:47:34 +02:00
Mariusz Felisiak
a07ce0e25e [1.11.x] Fixed typo in 1.11.21 release notes.
Backport of 100ec901aebebe56b61f101af38a228414098dd5 from master.
2019-06-03 14:17:07 +02:00
Carlton Gibson
2f67c8e70b [1.11.x] Post-release version bump. 2019-06-03 11:59:53 +02:00
Carlton Gibson
bc1f79d0a0 [1.11.x] Bumped version for 1.11.21 release. 1.11.21 2019-06-03 11:48:10 +02:00
Carlton Gibson
c238701859 [1.11.x] Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link.
Backport of deeba6d92006999fee9adfbd8be79bf0a59e8008 from master.
2019-06-03 11:38:19 +02:00
Carlton Gibson
4b3716e654 [1.11.x] Added stub release notes for security releases.
Backport of 98c0fe19ee2cba9726708ac9336e1dc0d43cca69 from master
2019-06-03 10:54:19 +02:00
Tim Graham
331d765281 [1.11.x] Refs #27807 -- Removed docs for User.username_validator.
The new override functionality claimed in refs #21379 doesn't work.
Forwardport of 714fdbaa7048c2321f6238d9421137c33d9af7cc from stable/1.10.x.
2019-04-07 20:09:15 -04:00
Mariusz Felisiak
d13490c18a [1.11.x] Refs #30331 -- Doc'd that psycopg2 < 2.8 is required.
Backport of 0a8617a5b1cac7063f30e4d8ff4ea4c30748f7b8 from stable/2.1.x.
2019-04-05 12:13:05 +02:00
Tim Graham
22c0564193 [1.11.x] Fixed #30277 -- Fixed broken links to packaging.python.org.
Backport of 8f1cc7e9e61758475ddd6586e0fede4af1ca0e8d from master.
2019-03-21 10:08:38 -04:00
Tim Graham
9530fac978 [1.11.x] Fixed serializers test crash if PyYAML isn't installed.
Follow up to a57c783dd4e6dc73847081221827a1902eede88b.

Backport of 55490ac7469a3647ce163bee323f7fe4a06fcaa6 from master
2019-03-20 16:11:02 +01:00
Mariusz Felisiak
f8ce3cd162 [1.11.x] Fixed serializers tests for PyYAML 5.1+.
Backport of a57c783dd4e6dc73847081221827a1902eede88b from master
2019-03-14 18:45:14 +01:00
Mariusz Felisiak
f13bfdeb55 [1.11.x] Reverted "Fixed relative paths imports per isort 4.3.5."
This reverts commit 463fe11bc8b2d068e447c5df677e7a31c2af7e03 due to
restore of relative paths sorting from isort < 4.3.5 in isort 4.3.10.

Backport of b435f82939edf70674856e0e1cd63973c2e0a1d1 from master.
2019-03-03 19:47:17 +01:00
Mariusz Felisiak
b9beb6a52e [1.11.x] Fixed relative paths imports per isort 4.3.5.
Backport of 463fe11bc8b2d068e447c5df677e7a31c2af7e03 from master.
2019-02-25 20:02:56 +01:00
Tim Graham
1b8a26efa2 [1.11.x] Fixed E117 flake8 warnings. 2019-02-14 09:35:54 -05:00
Tim Graham
d718f5203e [1.11.x] Added CVE-2019-6975 to the security release archive.
Backport of d6e5aad5c7eba3d8061c09902de16cd2b22619af from master.
2019-02-11 16:15:21 -05:00
Tim Graham
013b923876 [1.11.x] Post-release version bump. 2019-02-11 15:54:39 -05:00
Carlton Gibson
1c9cb948d7 [1.11.x] Bumped version for 1.11.20 release. 1.11.20 2019-02-11 15:54:26 +01:00
Carlton Gibson
f2c5f66c7c [1.11.x] Refs #30175 -- Added release notes for 1.11.20 release.
Backport of b39bd0aa6d5667d6bbcf7d349a1035c676e3f972 from master
2019-02-11 15:52:35 +01:00
Carlton Gibson
1cdba624d5 [1.11.x] Bumped version for 1.11.19 release. 1.11.19 2019-02-11 11:31:04 +01:00
Carlton Gibson
0bbb560183 [1.11.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.

Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master.
2019-02-11 11:15:45 +01:00
Mariusz Felisiak
11cb39514d [1.11.x] Removed extra characters in docs header underlines.
Backport of 25829197bb94585e94695360065ac614aa9e6a56 from master
2019-02-08 21:44:04 +01:00
Carlton Gibson
fc858abe51 Added stub release notes for security releases.
# Conflicts:
#	docs/releases/2.1.6.txt
2019-02-07 15:56:05 +01:00