django.git, branch 1.3.6

django.git, branch 1.3.6 django http://cgit.adnoto.dev/django.git/atom?h=1.3.6 2013-02-19T20:18:32Z [1.3.x] Bump version numbers for security release. 2013-02-19T20:18:32Z James Bennett james@b-list.org 2013-02-19T20:18:32Z urn:sha1:747d3f0d0390d1eeae28cb74c310c08c8b4fb58c [1.3.x] Update 1.3.6 release notes for all security fixes. 2013-02-19T18:52:19Z Carl Meyer carl@oddbird.net 2013-02-12T22:48:37Z urn:sha1:f6f6f87a9832f9bd441f6510a6b233e72771e4f5 [1.3.x] Added a default limit to the maximum number of forms in a formset. 2013-02-12T11:13:42Z Aymeric Augustin aymeric.augustin@m4x.org 2013-02-12T10:22:41Z urn:sha1:d7094bbce8cb838f3b40f504f198c098ff1cf727 This is a security fix. Disclosure and advisory coming shortly. [1.3.x] Checked object permissions on admin history view. 2013-02-12T11:13:42Z Carl Meyer carl@oddbird.net 2013-02-04T23:57:59Z urn:sha1:d3a45e10c8ac8268899999129daa27652ec0da35 This is a security fix. Disclosure and advisory coming shortly. Patch by Russell Keith-Magee. [1.3.x] Restrict the XML deserializer to prevent network and entity-expansion DoS attacks. 2013-02-12T11:13:42Z Carl Meyer carl@oddbird.net 2013-02-12T04:54:53Z urn:sha1:d19a27066b2247102e65412aa66917aff0091112 This is a security fix. Disclosure and advisory coming shortly. [1.3.x] Added ALLOWED_HOSTS setting for HTTP host header validation. 2013-02-12T10:41:43Z Carl Meyer carl@oddbird.net 2013-02-09T19:25:52Z urn:sha1:27cd872e6e36a81d0bb6f5b8765a1705fecfc253 This is a security fix; disclosure and advisory coming shortly. [1.3.X] Fixed a test failure in the comment tests. 2012-12-10T22:37:47Z Florian Apolloner florian@apolloner.eu 2012-12-10T22:34:51Z urn:sha1:6e70f67470d6d4baf87728702886f89ac075b73c Backport of 1eb0da1c5ba3096f218d1df13d02a2b8e1ac7a36 from master. [1.3.x] Bump version numbers for security release. 2012-12-10T21:38:03Z James Bennett james@b-list.org 2012-12-10T21:38:03Z urn:sha1:59a3e26425cfabdb39295085ca6f3d5922bf1ec6 [1.3.X] Fixed a security issue in get_host. 2012-12-03T12:11:34Z Florian Apolloner florian@apolloner.eu 2012-11-27T21:27:14Z urn:sha1:2da4ace0bc1bc1d79bf43b368cb857f6f0cd6b1b Full disclosure and new release forthcoming. [1.3.X] Fixed #18856 -- Ensured that redirects can't be poisoned by malicious users. 2012-11-17T22:03:15Z Florian Apolloner florian@apolloner.eu 2012-11-17T21:00:53Z urn:sha1:1515eb46daa0897ba5ad5f0a2db8969255f1b343