django/releases at stable/1.4.x - django - Turnium code repositories

Django/django

History

Tim Graham 575f59f9bc [1.4.x] Fixed DoS possiblity in contrib.auth.views.logout()

Refs #20936 -- When logging out/ending a session, don't create a new, empty session.

Previously, when logging out, the existing session was overwritten by a
new sessionid instead of deleting the session altogether.

This behavior added overhead by creating a new session record in
whichever backend was in use: db, cache, etc.

This extra session is unnecessary at the time since no session data is
meant to be preserved when explicitly logging out.

Backport of 393c0e24223c701edeb8ce7dc9d0f852f0c081ad,
088579638b160f3716dc81d194be70c72743593f, and
2dee853ed4def42b7ef1b3b472b395055543cc00 from master

Thanks Florian Apolloner and Carl Meyer for review.

This is a security fix.

2015-08-18 08:35:42 -04:00

..

0.95.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

0.96.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.0-alpha-1.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.0-alpha-2.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.0-beta-2.txt

[1.4.x] Updated obsolete links in the documentation

2012-08-30 07:47:56 -04:00

1.0-beta.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.0-porting-guide.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.0.1.txt

[1.4.x] Updated obsolete links in the documentation

2012-08-30 07:47:56 -04:00

1.0.2.txt

Fixed #14141 : docs now use the :doc: construct for links between documents.

2010-08-19 19:27:44 +00:00

1.0.txt

[1.4.x] Updated obsolete links in the documentation

2012-08-30 07:47:56 -04:00

1.1-alpha-1.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.1-beta-1.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.1-rc-1.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.1.2.txt

Fixed #14141 : docs now use the :doc: construct for links between documents.

2010-08-19 19:27:44 +00:00

1.1.3.txt

Fixed #15253 -- Added 1.1.3 release notes, and added sections to the 1.2.4 and 1.3 release notes about the December security announcement.

2011-02-10 11:55:24 +00:00

1.1.4.txt

Fixed many more ReST indentation errors, somehow accidentally missed from [16955]

2011-10-14 00:12:01 +00:00

1.1.txt

[1.4.x] Updated obsolete links in the documentation

2012-08-30 07:47:56 -04:00

1.2-alpha-1.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.2-beta-1.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.2-rc-1.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.2.1.txt

Added placeholder release notes for the 1.2.1 and 1.2.3 releases.

2011-08-26 09:31:01 +00:00

1.2.2.txt

Fixed #14225 -- Added a documentation marker (and a 1.2.2 release notes file, required to satisfy Sphinx) for the enable_csrf_checks flag on the test client. Thanks to public@grep.ro for the report.

2010-10-08 14:48:04 +00:00

1.2.3.txt

Added placeholder release notes for the 1.2.1 and 1.2.3 releases.

2011-08-26 09:31:01 +00:00

1.2.4.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.2.5.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.2.6.txt

Added basic release notes for 1.2.6 and 1.3.1.

2011-09-10 03:33:54 +00:00

1.2.7.txt

Added basic release notes for 1.2.7.

2011-09-11 02:28:08 +00:00

1.2.txt

Fixed many more ReST indentation errors, somehow accidentally missed from [16955]

2011-10-14 00:12:01 +00:00

1.3-alpha-1.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.3-beta-1.txt

Replaced http by https in djangoproject.com links

2012-03-13 17:53:31 +00:00

1.3.1.txt

Added basic release notes for 1.2.6 and 1.3.1.

2011-09-10 03:33:54 +00:00

1.3.2.txt

[1.4.x] Added 1.4.1 and 1.3.2 release notes

2012-08-31 20:38:12 +02:00

1.3.3.txt

[1.4.x] Added missing release notes for older versions of Django

2013-08-12 14:11:10 -04:00

1.3.4.txt

[1.4.x] Added missing release notes for older versions of Django

2013-08-12 14:11:10 -04:00

1.3.5.txt

[1.4.x] Added missing release notes for older versions of Django

2013-08-12 14:11:10 -04:00

1.3.6.txt

[1.4.x] Added missing release notes for older versions of Django

2013-08-12 14:11:10 -04:00

1.3.7.txt

[1.4.x] Added missing release notes for older versions of Django

2013-08-12 14:11:10 -04:00

1.3.txt

[1.4.x] Fixed #18944 -- Documented PasswordResetForm's from_email argument as a backwards incompatible change for 1.3

2013-07-08 15:06:45 -04:00

1.4-alpha-1.txt

[1.4.x] Cleaned up 1.4.8 release notes

2013-09-15 14:29:40 -04:00

1.4-beta-1.txt

[1.4.x] Cleaned up 1.4.8 release notes

2013-09-15 14:29:40 -04:00

1.4.1.txt

[1.4.x] Added 1.4.1 and 1.3.2 release notes

2012-08-31 20:38:12 +02:00

1.4.2.txt

[1.4.x] Added missing release notes for older versions of Django

2013-08-12 14:11:10 -04:00

1.4.3.txt

[1.4.x] Added missing release notes for older versions of Django

2013-08-12 14:11:10 -04:00

1.4.4.txt

[1.4.x] Don't characterize XML vulnerabilities as DoS-only.

2013-02-19 18:22:22 -07:00

1.4.5.txt

[1.4.x] Added missing release notes for older versions of Django

2013-08-12 14:11:10 -04:00

1.4.6.txt

Added 1.4.6/1.5.2 release notes.

2013-08-13 11:18:07 -05:00

1.4.7.txt

Added 1.4.7 release notes

2013-09-10 21:09:47 -04:00

1.4.8.txt

[1.4.x] Cleaned up 1.4.8 release notes

2013-09-15 14:29:40 -04:00

1.4.9.txt

[1.4.x] Fixed typo in docs/releases/1.4.9.txt.

2013-10-25 07:55:50 -04:00

1.4.10.txt

[1.4.x] Added 1.4.10 release notes to index.

2013-11-07 09:38:53 -05:00

1.4.11.txt

[1.4.x] Added information on resolved security issues to release notes.

2014-04-21 18:31:44 -04:00

1.4.12.txt

[1.4.x] Added dates to release notes of today's release.

2014-04-28 19:07:51 -04:00

1.4.13.txt

[1.4.x] Minor edits to latest release notes.

2014-05-15 07:17:54 -04:00

1.4.14.txt

[1.4.x] Added dates to release notes.

2014-08-20 16:33:50 -04:00

1.4.15.txt

[1.4.x] Added dates to release notes.

2014-09-02 21:36:44 -04:00

1.4.16.txt

[1.4.x] Added release dates to release notes.

2014-10-22 12:25:45 -04:00

1.4.17.txt

[1.4.x] Added dates to release notes.

2015-01-02 19:23:14 -05:00

1.4.18.txt

[1.4.x] Added dates to release notes.

2015-01-13 13:10:54 -05:00

1.4.19.txt

[1.4.x] Bumped version for 1.4.19 release.

2015-01-27 11:55:02 -05:00

1.4.20.txt

[1.4.x] Made is_safe_url() reject URLs that start with control characters.

2015-03-18 08:39:37 -04:00

1.4.21.txt

[1.4.x] Prevented newlines from being accepted in some validators.

2015-07-08 07:38:06 -04:00

1.4.22.txt

[1.4.x] Fixed DoS possiblity in contrib.auth.views.logout()

2015-08-18 08:35:42 -04:00

1.4.txt

[1.4.x] Cleaned up 1.4.8 release notes

2013-09-15 14:29:40 -04:00

index.txt

[1.4.x] Fixed #25119 -- Disabled wheel support.

2015-07-13 19:57:52 -04:00