Tim Graham
e60557c249
[1.4.x] Fixed #24238 -- Removed unused WSGIRequestHandler.get_environ()
...
Also moved the test as it wasn't running.
2015-01-28 12:32:15 -05:00
Tim Graham
4376d6ef7b
[1.4.x] Post-release version bump.
2015-01-27 12:26:26 -05:00
Tim Graham
7dd4c5221a
[1.4.x] Bumped version for 1.4.19 release.
2015-01-27 11:55:02 -05:00
Benjamin Richter
1e39d0f628
[1.4.x] Fixed #24158 -- Allowed GZipMiddleware to work with streaming responses
...
Backport of django.utils.text.compress_sequence and fix for
django.middleware.gzip.GZipMiddleware when using iterators as
response.content.
2015-01-26 19:22:47 -05:00
Tim Graham
9435474068
[1.4.x] Designated Django 1.8 as the next LTS.
...
Backport of c38db4d7e072e9a5002cb4897d9104e5eaa292ed from master
2015-01-19 12:09:43 -05:00
Tim Graham
99e6ac77f2
[1.4.x] Fixed a static view test on Windows.
...
Backport of a6f144fd4fee0090de3a99b1f50a4142722e7946 from master
2015-01-14 13:57:59 -05:00
Tim Graham
4296a1da8b
[1.4.x] Post-release version bump.
2015-01-13 14:16:07 -05:00
Tim Graham
bd9dcd226b
[1.4.x] Bumped version for 1.4.18 release.
2015-01-13 13:14:08 -05:00
Tim Graham
88b7957b34
[1.4.x] Added dates to release notes.
2015-01-13 13:10:54 -05:00
Tim Graham
d020da6646
[1.4.x] Prevented views.static.serve() from using large memory on large files.
...
This is a security fix. Disclosure following shortly.
2015-01-05 13:43:54 -05:00
Tim Graham
4c241f1b71
[1.4.x] Fixed is_safe_url() to handle leading whitespace.
...
This is a security fix. Disclosure following shortly.
2015-01-05 13:43:32 -05:00
Carl Meyer
4f6fffc1dc
[1.4.x] Stripped headers containing underscores to prevent spoofing in WSGI environ.
...
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
2015-01-05 13:43:15 -05:00
Tim Graham
113a8980f4
[1.4.x] Added stub release notes for security releases.
2015-01-05 13:42:52 -05:00
Tim Graham
2fd8054fda
[1.4.x] Fixed #24081 -- Downgraded six to 1.8.0.
...
This reverts commit a25c444bc701b496f2b05f57fc3ec42cdac9dd85.
six 1.9+ requires Python 2.6 so this commit restores Python 2.5 compatibility.
2015-01-05 13:41:06 -05:00
Tim Graham
032ffade8a
[1.4.x] Removed wheel generation from Makefile.
2015-01-02 22:01:51 -05:00
Tim Graham
52136afda4
[1.4.x] Post-release version bump.
2015-01-02 21:49:44 -05:00
Tim Graham
592187e11b
[1.4.x] Bumped version for 1.4.17 release.
2015-01-02 21:07:00 -05:00
Tim Graham
35dc639cd6
[1.4.x] Added dates to release notes.
...
Backport of 15cd71ed24945ff7be5716580603fd65c0d45ef7 from master
2015-01-02 19:23:14 -05:00
Tim Graham
a25c444bc7
[1.4.x] Updated six to 1.9.0.
...
Backport of 52f0b2b62262743d5f935ddae29428e661b5d8ea from master
2015-01-02 13:38:58 -05:00
Simon Charette
5940da16af
[1.4.x] Fixed #23754 -- Always allowed reference to the primary key in the admin
...
This change allows dynamically created inlines "Add related" button to work
correcly as long as their associated foreign key is pointing to the primary
key of the related model.
Thanks to amorce for the report, Julien Phalip for the initial patch,
and Collin Anderson for the review.
Backport of f9c4e14aeca7df79991bca8ac2d743953cbd095c from master
2014-11-25 14:04:56 -05:00
Tim Graham
c83b024b37
[1.4.x] Removed thread customizations of six which are now built-in.
...
Backport of 7ef81b5cdd4c8eda12aa7786484a0bfde00aaaa4 from master
2014-11-13 11:36:21 +01:00
Tim Graham
a1dcd82b28
[1.4.x] Updated six to 1.8.0.
...
Backport of 81477c91f6 from master
2014-11-04 21:30:21 -05:00
Tim Graham
486b6ca3bc
[1.4.x] Post-release version bump.
2014-10-22 13:33:07 -04:00
James Bennett
151d6dbf9c
[1.4.x] Bump version numbers for bugfix release.
2014-10-22 12:36:19 -04:00
Tim Graham
a92e386e26
[1.4.x] Added release dates to release notes.
...
Backport of 9dc782b631 from master
2014-10-22 12:25:45 -04:00
Tim Graham
643374bcf5
[1.4.x] Fixed #23631 -- Removed outdated note on MySQL timezone support.
...
Thanks marfire for the report.
Backport of 9db3653670 from master
2014-10-10 15:22:46 -04:00
Emmanuelle Delescolle
f58392d8d8
[1.4.x] Fixed #23604 -- Allowed related m2m fields to be references in the admin.
...
Thanks Simon Charette for review.
Backport of a24cf21722 from master
2014-10-06 09:08:45 -04:00
Tim Graham
df657a7682
[1.4.x] Required numpy < 1.9 for tests; refs #23489 .
...
Backport of 4743a94429 from stable/1.7.x
2014-09-29 19:47:33 -04:00
Joseph Dougherty
3132edae41
[1.4.x] Fixed #23499 -- Error in built-in template tag "now" documentation
...
Backport of ab8248361e0a7b4fc7684eaaa5891e16b8562683 from master.
2014-09-17 09:26:45 +02:00
Claude Paroz
ba2be27613
[1.4.x] Fixed #20036 -- Improved GEOS version string parsing
...
Thanks chikiro.spam at gmail.com for the report.
2014-09-11 20:54:33 +02:00
Simon Charette
065caafa70
[1.4.x] Fixed #23431 -- Allowed inline and hidden references to admin fields.
...
This fixes a regression introduced by the 53ff096982 security fix.
Thanks to @a1tus for the report and Tim for the review.
refs #23329 .
Backport of 342ccbd from master
2014-09-08 14:22:29 -04:00
Tim Graham
78085844a7
[1.4.x] Added dates to release notes.
...
Backport of 0fd23545db from master
2014-09-02 21:36:44 -04:00
Tim Graham
89157fe11f
[1.4.x] Post release version bump.
2014-09-02 21:07:29 -04:00
James Bennett
0517f498cd
[1.4.x] Bump version numbers for bugfix release.
2014-09-02 15:43:24 -05:00
Simon Charette
4685026840
[1.4.x] Fixed #23329 -- Allowed inherited and m2m fields to be referenced in the admin.
...
Thanks to Trac alias Markush2010 and ross for the detailed reports.
Backport of 3cbb759 from master
2014-08-27 22:12:37 -04:00
Tim Graham
8adc56ca78
[1.4.x] Fixed spelling mistake in file docs.
...
Backport of a3e88e64a4 from master
2014-08-26 09:45:06 -04:00
Tim Graham
27c682ffa0
[1.4.x] Bumped version number post-release.
2014-08-20 16:36:42 -04:00
Tim Graham
e484df76b6
[1.4.x] Added dates to release notes.
2014-08-20 16:33:50 -04:00
James Bennett
4fce0193d2
[1.4.x] Bump version numbers for security release.
2014-08-20 15:00:40 -05:00
Simon Charette
027bd34864
[1.4.x] Prevented data leakage in contrib.admin via query string manipulation.
...
This is a security fix. Disclosure following shortly.
2014-08-11 16:01:41 -04:00
Preston Holmes
c9e3b9949c
[1.4.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USE change.
...
This is a security fix. Disclosure following shortly.
2014-08-11 12:15:06 -04:00
Tim Graham
30042d475b
[1.4.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names.
...
This is a security fix. Disclosure following shortly.
2014-08-11 10:14:06 -04:00
Florian Apolloner
c2fe73133b
[1.4.x] Prevented reverse() from generating URLs pointing to other hosts.
...
This is a security fix. Disclosure following shortly.
2014-08-11 09:04:23 -04:00
Tim Graham
4d5e972a2c
[1.4.x] Added release note stub for 1.4.14.
2014-08-11 08:47:06 -04:00
Tim Graham
88cb7aa6aa
[1.4.x] Added a warning that remove_tags() output shouldn't be considered safe.
...
Backport of 7efce77de2 from master
2014-08-11 07:11:30 -04:00
Tim Graham
399052d224
[1.4.x] Noted that django-jython requires Django 1.7.
...
Backport of 72e98d5c16 from stable/1.6.x
2014-08-08 12:47:31 -04:00
Tim Graham
d23d19c15e
[1.4.x] Fixed #23239 -- Clarified a phrase in the contrib.markup docs.
...
Backport of e0fb48c254 from stable/1.5.x
2014-08-06 08:30:49 -04:00
Erik Romijn
bc03817b42
[1.4.x] Fixed #23149 -- Clarified note on HTTPOnly in cookie-based session docs
...
Backport of e26366da44bb343e7a95d01ff0dd18b8026c2802 from master.
2014-08-02 19:01:23 +02:00
Tim Graham
778a555342
[1.4.x] Added tests/requirements/py2.txt.
...
This follows the convention used in other branches so we don't
need a special case in the build script for 1.4.
2014-07-25 09:46:15 -04:00
Ramiro Morales
aa9c45c2e4
[1.4.x] Revert "Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet."
...
This reverts commit b44519072e8a0ef56a0ae9e6e4a1fb04273eb0eb.
stable/1.4.x branch is in security-fixes-only mode.
2014-07-14 21:09:38 -03:00
