| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2014-04-28 | [1.4.x] Bump version numbers for 1.4.12 bugfix release.1.4.12 | James Bennett | |
| 2014-04-23 | [1.4.x] Fixed #22486 -- Restored the ability to reverse views created using ↵ | Tim Graham | |
| functools.partial. Regression in 8b93b31. Thanks rcoup for the report. Backport of 3c06b2f2a3 from master | |||
| 2014-04-22 | [1.4.x] Post release version bump. | Tim Graham | |
| 2014-04-21 | [1.4.x] Bump version numbers for 1.4.11 security release.1.4.11 | James Bennett | |
| 2014-04-21 | [1.4.x] Added information on resolved security issues to release notes. | Erik Romijn | |
| Backport of c07f3e60c2d455e36ba4ac339d4283d32bbc3814 from master | |||
| 2014-04-21 | [1.4.x] Fixed queries that may return unexpected results on MySQL due to ↵ | Erik Romijn | |
| typecasting. This is a security fix. Disclosure will follow shortly. Backport of 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307 from master | |||
| 2014-04-21 | [1.4.x] Prevented leaking the CSRF token through caching. | Aymeric Augustin | |
| This is a security fix. Disclosure will follow shortly. Backport of c083e3815aec23b99833da710eea574e6f2e8566 from master | |||
| 2014-04-21 | [1.4.x] Fixed a remote code execution vulnerabilty in URL reversing. | Tim Graham | |
| Thanks Benjamin Bach for the report and initial patch. This is a security fix; disclosure to follow shortly. Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master | |||
| 2014-04-21 | [1.4.x] Corrected the section identifier for MySQL unicode reference. | Matt Lauber | |
| Backport of b2514c02e1 from master | |||
| 2014-04-19 | [1.4.x] Fixed random aggregation_regress test_more_more_more() failure | Tim Graham | |
| The cause was assuming that an unordered queryset returns the values always in the same order. Backport of 33dd8f544205be923e2a06106909ebcd3583526b | |||
| 2014-03-24 | [1.4.x] Updated six to 1.6.1. | Tim Graham | |
| Backport of 2ec82c7387db071278201796208808de84c90dbf from master | |||
| 2014-03-22 | [1.4.x] Clarified striptags documentation | Claude Paroz | |
| The fact that striptags cannot guarantee to really strip all non-safe HTML content was not clear enough. Also see: https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/ Partial backport (doc-only) of 6ca6c36f82 from master. | |||
| 2014-03-05 | [1.4.x] Fixed #21195 -- Clarifed usage of template_name in tutorial part 4. | Tim Graham | |
| Backport of b66a51ad545ac726ef98966cbc35ee7aefdff8cd from master. | |||
| 2014-01-26 | [1.4.x] Added release note stub for 1.4.11. | Tim Graham | |
| Backport of dfa28981ce from master. | |||
| 2014-01-26 | [1.4.x] Fixed #21823 -- Upgraded six to 1.5.2 | Tim Graham | |
| Backport of 780ae7e9f8 from master. | |||
| 2014-01-24 | [1.4.x] Fixed #21869 -- Fixed docs building with Sphinx 1.2.1. | Tim Graham | |
| Thanks tragiclifestories for the report. Backport of e1d18b9d2e from master | |||
| 2014-01-19 | [1.4.x] Added a note about LTS releases. | Jacob Kaplan-Moss | |
| Backport of a44cbca2a5f1388c6511dad48443877fa660845a from master. | |||
| 2014-01-17 | [1.4.x] Fixed #20052 -- Discouraged use of Jython given the current state of ↵ | Tim Graham | |
| django-jython. Thanks Josh Juneau (maintainer of django-jython) for the review. Backport of a67e327db5 from master | |||
| 2014-01-02 | Updated six to version 1.4.1 | Luke Plant | |
| This is not a bugfix. But six only exists on Django 1.4.x branch to help with future compatibility, so it is helpful if it keeps up with latest Django. | |||
| 2013-12-11 | [1.4.x] Fixed #21594 -- Added note about model formsets deleting objects. | Ben Spaulding | |
| This behavior has been fixed in 65e03a424e. refs #10284. Backport of de1d5d5df5 from stable/1.6.x. | |||
| 2013-12-04 | [1.4.x] Fixed #21558 -- Support building CHM files. | Aymeric Augustin | |
| Thanks Michał Pasternak. Backport of cd9e85ec from master. | |||
| 2013-12-02 | [1.4.x] Fixed #21538 -- Added numpy to test/requirements/base.txt | Alasdair Nicol | |
| Thanks Tim Graham for the report Backport of c75dd664c from master | |||
| 2013-11-23 | [1.4.x] Removed obsolete deprecation notes. | Aymeric Augustin | |
| 2013-11-22 | [1.4.x] Fix #20054: Removed links to modwsgi.org. | Baptiste Mispelon | |
| Backport of 957fcd0c9fc605bbb69e03296aede3b0bac5a8d2 from master. | |||
| 2013-11-07 | [1.4.x] Added 1.4.10 release notes to index. | Tim Graham | |
| 2013-11-06 | [1.4.x] Bump version info and add release notes for 1.4.10.1.4.10 | James Bennett | |
| 2013-11-02 | Fixed #21362 -- Restored Python 2.5 compatibility. | Florian Apolloner | |
| 2013-11-01 | Merge pull request #1837 from loic/django14 | Aymeric Augustin | |
| Fixed SyntaxError on Python 2.5 caused by a @unittest.skipIf class decoration. | |||
| 2013-11-01 | Fixed SyntaxError on Python 2.5 caused by a @unittest.skipIf class decoration. | Loic Bistuer | |
| 2013-10-25 | [1.4.x] Fixed typo in docs/releases/1.4.9.txt. | Paolo Melchiorre | |
| Backport of 3b0293370a from master | |||
| 2013-10-25 | [1.4.x] Bump version post-release. | Tim Graham | |
| 2013-10-24 | [1.4.x] Bump everything for 1.4.9 bugfix release.1.4.9 | James Bennett | |
| 2013-10-23 | [1.4.x] Bumped release date for 1.5.5 & 1.4.9. | Tim Graham | |
| Backport of 4ce5c119b5 from master | |||
| 2013-10-23 | Fixed #13245: Explained Oracle's behavior w.r.t db_table | Shai Berger | |
| and how to prevent table-name truncation Thanks russellm & timo for discussion, and timo for review. Backported from master 317040a73b77be8f8210801793b2ce6d1a69301e | |||
| 2013-10-22 | [1.4.x] Added 1.4.9 release notes | Tim Graham | |
| Backport of 2eb8f15516 from master | |||
| 2013-10-21 | [1.4.x] Fixed #21253 -- PBKDF2 with cached HMAC key | Florian Apolloner | |
| This gives a 2x speed increase compared to the existing implementation. Thanks to Steve Thomas for the initial patch and Tim Graham for finishing it. Backport of 1e4f53a6eb8d1816e51eb8bd8f95e704f6b89ead from master. | |||
| 2013-10-13 | [1.4.x] Fixed #21256 -- Error in datetime_safe.datetime.combine. | Aymeric Augustin | |
| Backport of d9b6fb8 from master | |||
| 2013-10-09 | [1.4.x] Fixed #21248 -- Skipped test_bcrypt if no py-bcrypt found | Anssi Kääriäinen | |
| Pre 1.6 Django worked only with py-bcrypt, not with bcrypt. Skipped test_bcrypt when using bcrypt to avoid false positives. Backpatch of 9f8a36eb20895d9e542820d5190bfa77ad1b85d9 from stable/1.5.x. | |||
| 2013-09-24 | [1.4.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation. | Florian Apolloner | |
| Thanks go to Michael Gebetsroither for pointing out this issue and help on the patch. Backport of 68540fe4df44492571bc610a0a043d3d02b3d320 from master. | |||
| 2013-09-24 | Revert "[1.4.x] Ensure that passwords are never long enough for a DoS." | Florian Apolloner | |
| This reverts commit 3f3d887a6844ec2db743fee64c9e53e04d39a368. This fix is no longer necessary, our pbkdf2 (see next commit) implementation no longer rehashes the password every iteration. | |||
| 2013-09-15 | [1.4.x] Cleaned up 1.4.8 release notes | Tim Graham | |
| Backport of 8d29005524 from master | |||
| 2013-09-15 | [1.4.x] Bump version post-release. | Tim Graham | |
| 2013-09-15 | [1.4.x] Fixed geos test to prevent random failure | Claude Paroz | |
| Points in the test fixtures have 20 as max coordinate. Backport of 87854b0bdf354059f949350a4d63a0ed071d564c from master. | |||
| 2013-09-15 | [1.4.x] Removed usage of b"" string syntax for Python 2.5 compatibility.1.4.8 | Russell Keith-Magee | |
| Refs commit 3f3d887a6844ec2db743fee64c9e53e04d39a368. | |||
| 2013-09-14 | [1.4.x] Add release notes and bump version numbers for 1.4.8 security release. | James Bennett | |
| 2013-09-15 | [1.4.x] Ensure that passwords are never long enough for a DoS. | Russell Keith-Magee | |
| * Limit the password length to 4096 bytes * Password hashers will raise a ValueError * django.contrib.auth forms will fail validation * Document in release notes that this is a backwards incompatible change Thanks to Josh Wright for the report, and Donald Stufft for the patch. This is a security fix; disclosure to follow shortly. Backport of aae5a96d5754ad34e48b7f673ef2411a3bbc1015 from master. | |||
| 2013-09-13 | Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth | Tim Graham | |
| Thanks Collin Anderson for the report. Backport of 425d076d0c from master | |||
| 2013-09-11 | [1.4.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH. | Tim Graham | |
| Thanks EvilDMP for the report and Russell Keith-Magee for the draft text. Backport of da843e7dba from master | |||
| 2013-09-11 | Merge pull request #1616 from loic/fix1.4 | Florian Apolloner | |
| Fixed failing test introduced by 87d2750b39. | |||
| 2013-09-11 | [1.4.x] Bump version post-release. | Tim Graham | |
