django.git, branch 1.3.7

django.git, branch 1.3.7 django http://cgit.adnoto.dev/django.git/atom?h=1.3.7 2013-02-20T19:52:28Z [1.3.x] Bump version numbers to roll a clean package. 2013-02-20T19:52:28Z James Bennett james@b-list.org 2013-02-20T19:52:28Z urn:sha1:304a5e06287290392f2d654446b97b4f6c685b1c [1.4.x] Note that ALLOWED_HOSTS default changes in Django 1.5. 2013-02-20T19:28:39Z Carl Meyer carl@oddbird.net 2013-02-20T19:26:54Z urn:sha1:a57743c9ff904e8c8a90499d9f92bdbd52ff113a [1.3.x] Fixed #19857 -- Fixed broken docs link in project template. 2013-02-20T01:38:58Z Carl Meyer carl@oddbird.net 2013-02-20T01:38:58Z urn:sha1:a6927d821941fa5c25f277479e84e3c32fe005cd Backport of 4cdfb24c98 from 1.4.x. [1.3.x] Don't characterize XML vulnerabilities as DoS-only. 2013-02-20T01:23:25Z Carl Meyer carl@oddbird.net 2013-02-20T01:23:25Z urn:sha1:2378c31430a2b441d23efe98c0af32fe4af0fb53 [1.3.x] Bump version numbers for security release. 2013-02-19T20:18:32Z James Bennett james@b-list.org 2013-02-19T20:18:32Z urn:sha1:747d3f0d0390d1eeae28cb74c310c08c8b4fb58c [1.3.x] Update 1.3.6 release notes for all security fixes. 2013-02-19T18:52:19Z Carl Meyer carl@oddbird.net 2013-02-12T22:48:37Z urn:sha1:f6f6f87a9832f9bd441f6510a6b233e72771e4f5 [1.3.x] Added a default limit to the maximum number of forms in a formset. 2013-02-12T11:13:42Z Aymeric Augustin aymeric.augustin@m4x.org 2013-02-12T10:22:41Z urn:sha1:d7094bbce8cb838f3b40f504f198c098ff1cf727 This is a security fix. Disclosure and advisory coming shortly. [1.3.x] Checked object permissions on admin history view. 2013-02-12T11:13:42Z Carl Meyer carl@oddbird.net 2013-02-04T23:57:59Z urn:sha1:d3a45e10c8ac8268899999129daa27652ec0da35 This is a security fix. Disclosure and advisory coming shortly. Patch by Russell Keith-Magee. [1.3.x] Restrict the XML deserializer to prevent network and entity-expansion DoS attacks. 2013-02-12T11:13:42Z Carl Meyer carl@oddbird.net 2013-02-12T04:54:53Z urn:sha1:d19a27066b2247102e65412aa66917aff0091112 This is a security fix. Disclosure and advisory coming shortly. [1.3.x] Added ALLOWED_HOSTS setting for HTTP host header validation. 2013-02-12T10:41:43Z Carl Meyer carl@oddbird.net 2013-02-09T19:25:52Z urn:sha1:27cd872e6e36a81d0bb6f5b8765a1705fecfc253 This is a security fix; disclosure and advisory coming shortly.