Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
django/django
History
Simon Charette fd393907c9 [1.11.x] Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation. 
This was a regression introduced by 7deeabc7c7526786df6894429ce89a9c4b614086
to address CVE-2019-14234.

Thanks Tim Kleinschmidt for the report and Mariusz for the tests.

Backport of 6c3dfba89215fc56fc27ef61829a6fff88be4abb from master.
2019-09-16 09:05:48 +02:00
..
apps
Refs #26207 -- Removed obsolete comments about deferred model classes.
2016-11-20 18:22:13 -05:00
bin
Removed bin/unique-messages.py
2015-02-06 08:47:38 -05:00
conf
[1.11.x] Fixed #28747 -- Fixed typos in django/conf/global_settings.py comments.
2017-10-26 21:49:24 -04:00
contrib
[1.11.x] Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
2019-09-16 09:05:48 +02:00
core
[1.11.x] Removed blank lines per isort 4.3.0.
2018-02-20 08:58:29 -05:00
db
[1.11.x] Fixed E117 and F405 flake8 warnings.
2019-01-30 13:15:13 +01:00
dispatch
Fixed #27513 -- Made Signal.send()/send_robust() a tiny bit faster.
2016-11-22 09:30:14 -05:00
forms
[1.11.x] Fixed #29273 -- Prevented initial selection of empty choice in multiple choice widgets.
2018-04-02 09:27:01 -04:00
http
[1.11.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
2019-07-01 08:40:19 +02:00
middleware
[1.11.x] Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.
2018-07-25 12:13:03 -04:00
template
[1.11.x] Fixed #28502 -- Made stringformat template filter accept tuples.
2017-08-22 08:57:50 -04:00
templatetags
Refs #25484 -- Made non-staticfiles {% static %} tag quote its output.
2016-12-19 16:18:06 -05:00
test
[1.11.x] Fixed E117 flake8 warnings.
2019-02-14 09:35:54 -05:00
urls
[1.11.x] Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.
2018-07-25 12:13:03 -04:00
utils
[1.11.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
2019-07-31 21:29:17 +02:00
views
[1.11.x] Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.
2019-01-03 22:09:25 -05:00
__init__.py
[1.11.x] Post-release version bump.
2019-09-02 09:02:39 +02:00
__main__.py
Fixed #24857 -- Added "python -m django" entry point.
2015-09-07 19:54:32 -04:00
shortcuts.py
Fixed #10532 -- Relaxed hard-type checking in get_object/list_or_404 shortcuts
2016-03-29 21:34:20 +02:00