summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-04-28[1.4.x] Bump version numbers for 1.4.12 bugfix release.1.4.12James Bennett
2014-04-23[1.4.x] Fixed #22486 -- Restored the ability to reverse views created using ↵Tim Graham
functools.partial. Regression in 8b93b31. Thanks rcoup for the report. Backport of 3c06b2f2a3 from master
2014-04-22[1.4.x] Post release version bump.Tim Graham
2014-04-21[1.4.x] Bump version numbers for 1.4.11 security release.1.4.11James Bennett
2014-04-21[1.4.x] Added information on resolved security issues to release notes.Erik Romijn
Backport of c07f3e60c2d455e36ba4ac339d4283d32bbc3814 from master
2014-04-21[1.4.x] Fixed queries that may return unexpected results on MySQL due to ↵Erik Romijn
typecasting. This is a security fix. Disclosure will follow shortly. Backport of 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307 from master
2014-04-21[1.4.x] Prevented leaking the CSRF token through caching.Aymeric Augustin
This is a security fix. Disclosure will follow shortly. Backport of c083e3815aec23b99833da710eea574e6f2e8566 from master
2014-04-21[1.4.x] Fixed a remote code execution vulnerabilty in URL reversing.Tim Graham
Thanks Benjamin Bach for the report and initial patch. This is a security fix; disclosure to follow shortly. Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master
2014-04-21[1.4.x] Corrected the section identifier for MySQL unicode reference.Matt Lauber
Backport of b2514c02e1 from master
2014-04-19[1.4.x] Fixed random aggregation_regress test_more_more_more() failureTim Graham
The cause was assuming that an unordered queryset returns the values always in the same order. Backport of 33dd8f544205be923e2a06106909ebcd3583526b
2014-03-24[1.4.x] Updated six to 1.6.1.Tim Graham
Backport of 2ec82c7387db071278201796208808de84c90dbf from master
2014-03-22[1.4.x] Clarified striptags documentationClaude Paroz
The fact that striptags cannot guarantee to really strip all non-safe HTML content was not clear enough. Also see: https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/ Partial backport (doc-only) of 6ca6c36f82 from master.
2014-03-05[1.4.x] Fixed #21195 -- Clarifed usage of template_name in tutorial part 4.Tim Graham
Backport of b66a51ad545ac726ef98966cbc35ee7aefdff8cd from master.
2014-01-26[1.4.x] Added release note stub for 1.4.11.Tim Graham
Backport of dfa28981ce from master.
2014-01-26[1.4.x] Fixed #21823 -- Upgraded six to 1.5.2Tim Graham
Backport of 780ae7e9f8 from master.
2014-01-24[1.4.x] Fixed #21869 -- Fixed docs building with Sphinx 1.2.1.Tim Graham
Thanks tragiclifestories for the report. Backport of e1d18b9d2e from master
2014-01-19[1.4.x] Added a note about LTS releases.Jacob Kaplan-Moss
Backport of a44cbca2a5f1388c6511dad48443877fa660845a from master.
2014-01-17[1.4.x] Fixed #20052 -- Discouraged use of Jython given the current state of ↵Tim Graham
django-jython. Thanks Josh Juneau (maintainer of django-jython) for the review. Backport of a67e327db5 from master
2014-01-02Updated six to version 1.4.1Luke Plant
This is not a bugfix. But six only exists on Django 1.4.x branch to help with future compatibility, so it is helpful if it keeps up with latest Django.
2013-12-11[1.4.x] Fixed #21594 -- Added note about model formsets deleting objects.Ben Spaulding
This behavior has been fixed in 65e03a424e. refs #10284. Backport of de1d5d5df5 from stable/1.6.x.
2013-12-04[1.4.x] Fixed #21558 -- Support building CHM files.Aymeric Augustin
Thanks Michał Pasternak. Backport of cd9e85ec from master.
2013-12-02[1.4.x] Fixed #21538 -- Added numpy to test/requirements/base.txtAlasdair Nicol
Thanks Tim Graham for the report Backport of c75dd664c from master
2013-11-23[1.4.x] Removed obsolete deprecation notes.Aymeric Augustin
2013-11-22[1.4.x] Fix #20054: Removed links to modwsgi.org.Baptiste Mispelon
Backport of 957fcd0c9fc605bbb69e03296aede3b0bac5a8d2 from master.
2013-11-07[1.4.x] Added 1.4.10 release notes to index.Tim Graham
2013-11-06[1.4.x] Bump version info and add release notes for 1.4.10.1.4.10James Bennett
2013-11-02Fixed #21362 -- Restored Python 2.5 compatibility.Florian Apolloner
2013-11-01Merge pull request #1837 from loic/django14Aymeric Augustin
Fixed SyntaxError on Python 2.5 caused by a @unittest.skipIf class decoration.
2013-11-01Fixed SyntaxError on Python 2.5 caused by a @unittest.skipIf class decoration.Loic Bistuer
2013-10-25[1.4.x] Fixed typo in docs/releases/1.4.9.txt.Paolo Melchiorre
Backport of 3b0293370a from master
2013-10-25[1.4.x] Bump version post-release.Tim Graham
2013-10-24[1.4.x] Bump everything for 1.4.9 bugfix release.1.4.9James Bennett
2013-10-23[1.4.x] Bumped release date for 1.5.5 & 1.4.9.Tim Graham
Backport of 4ce5c119b5 from master
2013-10-23Fixed #13245: Explained Oracle's behavior w.r.t db_tableShai Berger
and how to prevent table-name truncation Thanks russellm & timo for discussion, and timo for review. Backported from master 317040a73b77be8f8210801793b2ce6d1a69301e
2013-10-22[1.4.x] Added 1.4.9 release notesTim Graham
Backport of 2eb8f15516 from master
2013-10-21[1.4.x] Fixed #21253 -- PBKDF2 with cached HMAC keyFlorian Apolloner
This gives a 2x speed increase compared to the existing implementation. Thanks to Steve Thomas for the initial patch and Tim Graham for finishing it. Backport of 1e4f53a6eb8d1816e51eb8bd8f95e704f6b89ead from master.
2013-10-13[1.4.x] Fixed #21256 -- Error in datetime_safe.datetime.combine.Aymeric Augustin
Backport of d9b6fb8 from master
2013-10-09[1.4.x] Fixed #21248 -- Skipped test_bcrypt if no py-bcrypt foundAnssi Kääriäinen
Pre 1.6 Django worked only with py-bcrypt, not with bcrypt. Skipped test_bcrypt when using bcrypt to avoid false positives. Backpatch of 9f8a36eb20895d9e542820d5190bfa77ad1b85d9 from stable/1.5.x.
2013-09-24[1.4.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation.Florian Apolloner
Thanks go to Michael Gebetsroither for pointing out this issue and help on the patch. Backport of 68540fe4df44492571bc610a0a043d3d02b3d320 from master.
2013-09-24Revert "[1.4.x] Ensure that passwords are never long enough for a DoS."Florian Apolloner
This reverts commit 3f3d887a6844ec2db743fee64c9e53e04d39a368. This fix is no longer necessary, our pbkdf2 (see next commit) implementation no longer rehashes the password every iteration.
2013-09-15[1.4.x] Cleaned up 1.4.8 release notesTim Graham
Backport of 8d29005524 from master
2013-09-15[1.4.x] Bump version post-release.Tim Graham
2013-09-15[1.4.x] Fixed geos test to prevent random failureClaude Paroz
Points in the test fixtures have 20 as max coordinate. Backport of 87854b0bdf354059f949350a4d63a0ed071d564c from master.
2013-09-15[1.4.x] Removed usage of b"" string syntax for Python 2.5 compatibility.1.4.8Russell Keith-Magee
Refs commit 3f3d887a6844ec2db743fee64c9e53e04d39a368.
2013-09-14[1.4.x] Add release notes and bump version numbers for 1.4.8 security release.James Bennett
2013-09-15[1.4.x] Ensure that passwords are never long enough for a DoS.Russell Keith-Magee
* Limit the password length to 4096 bytes * Password hashers will raise a ValueError * django.contrib.auth forms will fail validation * Document in release notes that this is a backwards incompatible change Thanks to Josh Wright for the report, and Donald Stufft for the patch. This is a security fix; disclosure to follow shortly. Backport of aae5a96d5754ad34e48b7f673ef2411a3bbc1015 from master.
2013-09-13Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.authTim Graham
Thanks Collin Anderson for the report. Backport of 425d076d0c from master
2013-09-11[1.4.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.Tim Graham
Thanks EvilDMP for the report and Russell Keith-Magee for the draft text. Backport of da843e7dba from master
2013-09-11Merge pull request #1616 from loic/fix1.4Florian Apolloner
Fixed failing test introduced by 87d2750b39.
2013-09-11[1.4.x] Bump version post-release.Tim Graham