Simon Charette
f4cff43bf9
[1.11.x] Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
Backport of 5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70 from master.
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-18 09:17:28 +01:00
Mariusz Felisiak
a2355740ed
[1.11.x] Refs #31073 -- Added release notes for 02eff7ef60466da108b1a33f1e4dc01eec45c99d.
Backport of ec12c37384798093e359971c8980fe0c68d555bc from master.
2019-12-11 10:14:57 +01:00
Peter Andersen
e8fdf00cc2
[1.11.x] Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.
Backport of 02eff7ef60466da108b1a33f1e4dc01eec45c99d from master.
2019-12-11 09:43:36 +01:00
Mariusz Felisiak
4f1501660b
[1.11.x] Post-release version bump.
2019-11-04 09:31:11 +01:00
Mariusz Felisiak
f24d305761
[1.11.x] Bumped version for 1.11.26 release.
1.11.26
2019-11-04 09:21:03 +01:00
Mariusz Felisiak
4017507660
[1.11.x] Added release date for 1.11.26.
Backport of 126cfefce2b59900138f2bf1ef6ad966cddc55d4 from master
2019-11-04 08:30:17 +01:00
Louise Grandjonc
a843a9ba8d
[1.11.x] Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
Regression in 6c3dfba89215fc56fc27ef61829a6fff88be4abb.
Backport of 7d1bf29977bb368d7c28e7c6eb146db3b3009ae7 from master.
2019-10-11 12:01:42 +02:00
Mariusz Felisiak
cf2b475aab
[1.11.x] Added stub release notes for 1.11.26.
Backport of 84322a29ce9b0940335f8ab3d60e55192bef1e50 from master
2019-10-02 07:58:03 +02:00
Carlton Gibson
b73bb46d42
[1.11.x] Post-release version bump.
2019-10-01 10:06:53 +02:00
Carlton Gibson
81f0da91fb
[1.11.x] Bumped version for 1.11.25 release.
1.11.25
2019-10-01 09:54:07 +02:00
Carlton Gibson
9d2916faf5
[1.11.x] Added release date for 1.11.25.
Backport of 3826aed46d7d4310c2ab6777a4f92165ca4d8d4f from master.
2019-10-01 09:01:51 +02:00
Simon Charette
fd393907c9
[1.11.x] Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7526786df6894429ce89a9c4b614086
to address CVE-2019-14234.
Thanks Tim Kleinschmidt for the report and Mariusz for the tests.
Backport of 6c3dfba89215fc56fc27ef61829a6fff88be4abb from master.
2019-09-16 09:05:48 +02:00
Mariusz Felisiak
30c3d5fd73
[1.11.x] Added stub release notes for 1.11.25.
Backport of bd7e0f81f8590eadcb820c976ba03c9b75bbcad6 from master
2019-09-16 07:45:42 +02:00
Mariusz Felisiak
f213c4c406
[1.11.x] Post-release version bump.
2019-09-02 09:02:39 +02:00
Mariusz Felisiak
4c049c805a
[1.11.x] Bumped version for 1.11.24 release.
1.11.24
2019-09-02 08:45:34 +02:00
Mariusz Felisiak
835b62a588
[1.11.x] Added release date for 1.11.24.
Backport of 47f49adc11c0d39be3f41f92becc1f606c49d8ce from master.
2019-09-02 07:49:10 +02:00
Mariusz Felisiak
473c526b1b
[1.11.x] Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387.
Thanks Florian Apolloner for the report and helping with tests.
Backport of 1f8382d34d54061eddc41df6994e20ee38c60907 from master.
2019-08-14 15:58:10 +02:00
Carlton Gibson
3deda1f680
[1.11.x] Added CVE-2019-14235 to security release archive.
Backport of a5652eb795e896df0c0f2515201f35f9cd86b99b from master
2019-08-01 12:07:11 +02:00
Carlton Gibson
738b45dd3b
[1.11.x] Added CVE-2019-14234 to security release archive.
Backport of 3a6a2f5eaf74200a9591a6311fdb0ea78ee305ee from master
2019-08-01 12:07:06 +02:00
Carlton Gibson
7482d25f1e
[1.11.x] Added CVE-2019-14233 to security release archive.
Backport of 9600f63885d2d240f85d59bff6acbe200f890298 from master
2019-08-01 12:07:00 +02:00
Carlton Gibson
ba791617e0
[1.11.x] Added CVE-2019-14232 to the security release archive.
Backport of 87750787d1e464b7143f366d9485ba20fefc9c94 from master
2019-08-01 12:06:54 +02:00
Carlton Gibson
1e6a5b0001
[1.11.x] Post-release version bump.
2019-08-01 10:46:21 +02:00
Carlton Gibson
974897759e
[1.11.x] Bumped version for 1.11.23 release.
1.11.23
2019-08-01 10:43:51 +02:00
Florian Apolloner
869b34e9b3
[1.11.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
2019-07-31 21:29:17 +02:00
Mariusz Felisiak
ed682a24fc
[1.11.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-07-31 21:29:17 +02:00
Florian Apolloner
52479acce7
[1.11.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-07-29 11:20:43 +02:00
Florian Apolloner
42a66e9690
[1.11.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-07-29 11:18:34 +02:00
Carlton Gibson
693046e54b
[1.11.x] Added stub release notes for security releases.
Backport of f13147c8de725eed7038941758469aeb9bd66503 from master.
2019-07-25 10:58:17 +02:00
Mariusz Felisiak
6d054b5a8f
[1.11.x] Added CVE-2019-12781 to the security release archive.
Backport of 868cd56f058ca203419ad0886353173b74c3bcf1 from master
2019-07-01 10:24:29 +02:00
Mariusz Felisiak
7c849b9e3b
[1.11.x] Post-release version bump.
2019-07-01 08:47:34 +02:00
Mariusz Felisiak
480380c993
[1.11.x] Bumped version for 1.11.22 release.
1.11.22
2019-07-01 08:43:35 +02:00
Carlton Gibson
32124fc41e
[1.11.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master.
2019-07-01 08:40:19 +02:00
Mariusz Felisiak
58553bb297
[1.11.x] Added stub release notes for security releases.
Backport of 30b3ee9d0b33bb440f9c73d1ce9e0e7303887a9f from master
2019-07-01 07:05:49 +02:00
Mariusz Felisiak
bc5febec4e
[1.11.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
Backport of 4305fbe8b11f44ab5d6759346488026c1e9677b2 from master.
2019-06-30 20:21:27 +02:00
Markus Holtermann
790696836f
[1.11.x] Bumped minimum ESLint version to 4.18.2.
Backport of ad7b438002f1ab2a0ccb321012182991737ea84e from master.
2019-06-21 18:18:36 +02:00
Nick Pope
341f44448c
[1.11.x] Added CVE-2019-12308 to the security release archive.
Backport of 21b1d239125f1228e579b1ce8d94d4d5feadd2a6 from master
2019-06-03 21:47:37 +02:00
Nick Pope
9f8bed5bdf
[1.11.x] Added CVE-2019-11358 to the security release archive.
Backport of 8fb0ea55830321852a4a051a478f78e24d4f6889 from master
2019-06-03 21:47:34 +02:00
Mariusz Felisiak
a07ce0e25e
[1.11.x] Fixed typo in 1.11.21 release notes.
Backport of 100ec901aebebe56b61f101af38a228414098dd5 from master.
2019-06-03 14:17:07 +02:00
Carlton Gibson
2f67c8e70b
[1.11.x] Post-release version bump.
2019-06-03 11:59:53 +02:00
Carlton Gibson
bc1f79d0a0
[1.11.x] Bumped version for 1.11.21 release.
1.11.21
2019-06-03 11:48:10 +02:00
Carlton Gibson
c238701859
[1.11.x] Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link.
Backport of deeba6d92006999fee9adfbd8be79bf0a59e8008 from master.
2019-06-03 11:38:19 +02:00
Carlton Gibson
4b3716e654
[1.11.x] Added stub release notes for security releases.
Backport of 98c0fe19ee2cba9726708ac9336e1dc0d43cca69 from master
2019-06-03 10:54:19 +02:00
Tim Graham
331d765281
[1.11.x] Refs #27807 -- Removed docs for User.username_validator.
The new override functionality claimed in refs #21379 doesn't work.
Forwardport of 714fdbaa7048c2321f6238d9421137c33d9af7cc from stable/1.10.x.
2019-04-07 20:09:15 -04:00
Mariusz Felisiak
d13490c18a
[1.11.x] Refs #30331 -- Doc'd that psycopg2 < 2.8 is required.
Backport of 0a8617a5b1cac7063f30e4d8ff4ea4c30748f7b8 from stable/2.1.x.
2019-04-05 12:13:05 +02:00
Tim Graham
22c0564193
[1.11.x] Fixed #30277 -- Fixed broken links to packaging.python.org.
Backport of 8f1cc7e9e61758475ddd6586e0fede4af1ca0e8d from master.
2019-03-21 10:08:38 -04:00
Tim Graham
9530fac978
[1.11.x] Fixed serializers test crash if PyYAML isn't installed.
Follow up to a57c783dd4e6dc73847081221827a1902eede88b.
Backport of 55490ac7469a3647ce163bee323f7fe4a06fcaa6 from master
2019-03-20 16:11:02 +01:00
Mariusz Felisiak
f8ce3cd162
[1.11.x] Fixed serializers tests for PyYAML 5.1+.
Backport of a57c783dd4e6dc73847081221827a1902eede88b from master
2019-03-14 18:45:14 +01:00
Mariusz Felisiak
f13bfdeb55
[1.11.x] Reverted "Fixed relative paths imports per isort 4.3.5."
This reverts commit 463fe11bc8b2d068e447c5df677e7a31c2af7e03 due to
restore of relative paths sorting from isort < 4.3.5 in isort 4.3.10.
Backport of b435f82939edf70674856e0e1cd63973c2e0a1d1 from master.
2019-03-03 19:47:17 +01:00
Mariusz Felisiak
b9beb6a52e
[1.11.x] Fixed relative paths imports per isort 4.3.5.
Backport of 463fe11bc8b2d068e447c5df677e7a31c2af7e03 from master.
2019-02-25 20:02:56 +01:00
Tim Graham
1b8a26efa2
[1.11.x] Fixed E117 flake8 warnings.
2019-02-14 09:35:54 -05:00