summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-01-13[1.4.x] Bumped version for 1.4.18 release.1.4.18Tim Graham
2015-01-13[1.4.x] Added dates to release notes.Tim Graham
2015-01-05[1.4.x] Prevented views.static.serve() from using large memory on large files.Tim Graham
This is a security fix. Disclosure following shortly.
2015-01-05[1.4.x] Fixed is_safe_url() to handle leading whitespace.Tim Graham
This is a security fix. Disclosure following shortly.
2015-01-05[1.4.x] Stripped headers containing underscores to prevent spoofing in WSGI ↵Carl Meyer
environ. This is a security fix. Disclosure following shortly. Thanks to Jedediah Smith for the report.
2015-01-05[1.4.x] Added stub release notes for security releases.Tim Graham
2015-01-05[1.4.x] Fixed #24081 -- Downgraded six to 1.8.0.Tim Graham
This reverts commit a25c444bc701b496f2b05f57fc3ec42cdac9dd85. six 1.9+ requires Python 2.6 so this commit restores Python 2.5 compatibility.
2015-01-02[1.4.x] Removed wheel generation from Makefile.Tim Graham
2015-01-02[1.4.x] Post-release version bump.Tim Graham
2015-01-02[1.4.x] Bumped version for 1.4.17 release.1.4.17Tim Graham
2015-01-02[1.4.x] Added dates to release notes.Tim Graham
Backport of 15cd71ed24945ff7be5716580603fd65c0d45ef7 from master
2015-01-02[1.4.x] Updated six to 1.9.0.Tim Graham
Backport of 52f0b2b62262743d5f935ddae29428e661b5d8ea from master
2014-11-25[1.4.x] Fixed #23754 -- Always allowed reference to the primary key in the adminSimon Charette
This change allows dynamically created inlines "Add related" button to work correcly as long as their associated foreign key is pointing to the primary key of the related model. Thanks to amorce for the report, Julien Phalip for the initial patch, and Collin Anderson for the review. Backport of f9c4e14aeca7df79991bca8ac2d743953cbd095c from master
2014-11-13[1.4.x] Removed thread customizations of six which are now built-in.Tim Graham
Backport of 7ef81b5cdd4c8eda12aa7786484a0bfde00aaaa4 from master
2014-11-04[1.4.x] Updated six to 1.8.0.Tim Graham
Backport of 81477c91f6 from master
2014-10-22[1.4.x] Post-release version bump.Tim Graham
2014-10-22[1.4.x] Bump version numbers for bugfix release.1.4.16James Bennett
2014-10-22[1.4.x] Added release dates to release notes.Tim Graham
Backport of 9dc782b631 from master
2014-10-10[1.4.x] Fixed #23631 -- Removed outdated note on MySQL timezone support.Tim Graham
Thanks marfire for the report. Backport of 9db3653670 from master
2014-10-06[1.4.x] Fixed #23604 -- Allowed related m2m fields to be references in the ↵Emmanuelle Delescolle
admin. Thanks Simon Charette for review. Backport of a24cf21722 from master
2014-09-29[1.4.x] Required numpy < 1.9 for tests; refs #23489.Tim Graham
Backport of 4743a94429 from stable/1.7.x
2014-09-17[1.4.x] Fixed #23499 -- Error in built-in template tag "now" documentationJoseph Dougherty
Backport of ab8248361e0a7b4fc7684eaaa5891e16b8562683 from master.
2014-09-11[1.4.x] Fixed #20036 -- Improved GEOS version string parsingClaude Paroz
Thanks chikiro.spam at gmail.com for the report.
2014-09-08[1.4.x] Fixed #23431 -- Allowed inline and hidden references to admin fields.Simon Charette
This fixes a regression introduced by the 53ff096982 security fix. Thanks to @a1tus for the report and Tim for the review. refs #23329. Backport of 342ccbd from master
2014-09-02[1.4.x] Added dates to release notes.Tim Graham
Backport of 0fd23545db from master
2014-09-02[1.4.x] Post release version bump.Tim Graham
2014-09-02[1.4.x] Bump version numbers for bugfix release.1.4.15James Bennett
2014-08-27[1.4.x] Fixed #23329 -- Allowed inherited and m2m fields to be referenced in ↵Simon Charette
the admin. Thanks to Trac alias Markush2010 and ross for the detailed reports. Backport of 3cbb759 from master
2014-08-26[1.4.x] Fixed spelling mistake in file docs.Tim Graham
Backport of a3e88e64a4 from master
2014-08-20[1.4.x] Bumped version number post-release.Tim Graham
2014-08-20[1.4.x] Added dates to release notes.Tim Graham
2014-08-20[1.4.x] Bump version numbers for security release.1.4.14James Bennett
2014-08-11[1.4.x] Prevented data leakage in contrib.admin via query string manipulation.Simon Charette
This is a security fix. Disclosure following shortly.
2014-08-11[1.4.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on ↵Preston Holmes
REMOTE_USE change. This is a security fix. Disclosure following shortly.
2014-08-11[1.4.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file ↵Tim Graham
names. This is a security fix. Disclosure following shortly.
2014-08-11[1.4.x] Prevented reverse() from generating URLs pointing to other hosts.Florian Apolloner
This is a security fix. Disclosure following shortly.
2014-08-11[1.4.x] Added release note stub for 1.4.14.Tim Graham
2014-08-11[1.4.x] Added a warning that remove_tags() output shouldn't be considered safe.Tim Graham
Backport of 7efce77de2 from master
2014-08-08[1.4.x] Noted that django-jython requires Django 1.7.Tim Graham
Backport of 72e98d5c16 from stable/1.6.x
2014-08-06[1.4.x] Fixed #23239 -- Clarified a phrase in the contrib.markup docs.Tim Graham
Backport of e0fb48c254 from stable/1.5.x
2014-08-02[1.4.x] Fixed #23149 -- Clarified note on HTTPOnly in cookie-based session docsErik Romijn
Backport of e26366da44bb343e7a95d01ff0dd18b8026c2802 from master.
2014-07-25[1.4.x] Added tests/requirements/py2.txt.Tim Graham
This follows the convention used in other branches so we don't need a special case in the build script for 1.4.
2014-07-14[1.4.x] Revert "Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet."Ramiro Morales
This reverts commit b44519072e8a0ef56a0ae9e6e4a1fb04273eb0eb. stable/1.4.x branch is in security-fixes-only mode.
2014-07-14[1.4.x] Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet.Tim Graham
Thanks sebastien at clarisys.fr for the report and gautier for the patch. Backport of 5e2c4a4bd1 from master
2014-06-18[1.4.x] Fixed #22859 -- Improved crossDomain technique in CSRF example.Tim Graham
Thanks flisky for the report. Backport of 0be4d64487 from master
2014-05-15[1.4.x] Minor edits to latest release notes.Tim Graham
Backport of 860d31ac7a3bdd4b27db8b34b110b3d801ddaf8a from master
2014-05-14Bumped version numbers post-release.Jacob Kaplan-Moss
2014-05-14Bumped version numbers for release.1.4.13Jacob Kaplan-Moss
2014-05-14Added release notes for 1.4.13.Jacob Kaplan-Moss
2014-05-12[1.4.x] Added additional checks in is_safe_url to account for flexible parsing.Tim Graham
This is a security fix. Disclosure following shortly.