| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-08-13 | Added 1.4.6/1.5.2 release notes.1.4.6 | Tim Graham | |
| 2013-08-13 | Bumped version numbers for 1.4.6. | Jacob Kaplan-Moss | |
| 2013-08-13 | Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S. | Jacob Kaplan-Moss | |
| This is a security fix; disclosure to follow shortly. | |||
| 2013-08-12 | [1.4.x] Added missing release notes for older versions of Django | Tim Graham | |
| Backport of 3f6cc33cff from master | |||
| 2013-07-31 | [1.4.x] Added a bugfix in docutils 0.11 -- docs will now build properly. | Tim Graham | |
| Backport of a3a59a3197 from master | |||
| 2013-07-31 | [1.4.x] Fixed #20779 -- Documented AdminSite.app_index_template; refs #8498. | SusanTan | |
| Thanks CollinAnderson for the report. Backport of 7de35a9ef3 from master | |||
| 2013-07-25 | [1.4.x] Fixed #18315 -- Documented QueryDict.popitem and QueryDict.pop | mark hellewell | |
| Thanks gcbirzan for the report. Backport of 8c9240222f from master | |||
| 2013-07-25 | [1.4.x] Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs. | Brenton Cleeland | |
| Thanks simonb for the report. Backport of dab52d99fc from master | |||
| 2013-07-18 | [1.4.x] Atom specification URL updated | Matt Deacalion Stevens | |
| Changed to the URL of the official RFC for Atom, since Atomenabled.org is just a holding page. Backport of beefc97171 from master | |||
| 2013-07-17 | [1.4.x] Fixed #20756 -- Typo in uWSGI docs. | Tim Graham | |
| Backport of a3242dc9fe from master | |||
| 2013-07-11 | [1.4.x] Fixed #20730 -- Fixed "Programmatically creating permissions" error. | Tim Graham | |
| Thanks glarrain for the report. Backport of 684a606a4e from master | |||
| 2013-07-10 | [1.4.x] Fixed #19196 -- Added test/requirements | Tim Graham | |
| Backport of 4d92a0bd86 from master | |||
| 2013-07-08 | [1.4.x] Fixed #18944 -- Documented PasswordResetForm's from_email argument ↵ | Tim Graham | |
| as a backwards incompatible change for 1.3 Thanks DrMeers for the report. Backport of dab921751d from master | |||
| 2013-06-27 | [1.4.x] Fixed #20665 -- Missing backslash in sitemaps documentation | Baptiste Mispelon | |
| Backport of 5005303ae7919eef26dab9f8ba279696966ebf1d from master. | |||
| 2013-06-24 | [1.4.x] Fixed oversight in e3b6fed3. Refs #20636. | Aymeric Augustin | |
| 2013-06-24 | [1.4.x] Fixed #20636 -- Stopped stuffing values in the settings. | Aymeric Augustin | |
| In Django < 1.6, override_settings restores the settings module that was active when the override_settings call was executed, not when it was run. This can make a difference when override_settings is applied to a class, since it's executed when the module is imported, not when the test case is run. In addition, if the settings module for tests is stored alongside the tests themselves, importing the settings module can trigger an import of the tests. Since the settings module isn't fully imported yet, class-level override_settings statements may store a reference to an incorrect settings module. Eventually this will result in a crash during test teardown because the settings module restored by override_settings won't the one that was active during test setup. While Django should prevent this situation in the future by failing loudly in such dubious import sequences, that change won't be backported to 1.5 and 1.4. However, these versions received the "allowed hosts" patch and they're prone to "AttributeError: 'Settings' object has no attribute '_original_allowed_hosts'". To mitigate this regression, this commits stuffs _original_allowed_hosts on a random module instead of the settings module. This problem shouldn't occur in Django 1.6, see #20290, but this patch will be forward-ported for extra safety. Also tweaked backup variable names for consistency. Backport of 0261922 from stable/1.5.x. Conflicts: django/test/utils.py | |||
| 2013-05-31 | [1.4.x] Fixed #20326 - Corrected form wizard get_form() example. | Tim Graham | |
| Thanks tris@ for the report. Backport of 646a2216e9 from master | |||
| 2013-05-29 | [1.4.x] Fixed regroup example. | Gavin Wahl | |
| Chicago was missing. Backport of e6ff238 from master. | |||
| 2013-05-28 | [1.4.x] Fixed #20523 - Incorrect form field for FilePathField. | Tim Graham | |
| Thanks sane4ka.sh@ for the report. Backport of 1fdc3d256d from master | |||
| 2013-05-24 | [1.5.x] Fixed #20492 - Removed a broken link in GIS docs. | Tim Graham | |
| Backport of fbab3209fc from master | |||
| 2013-05-24 | [1.4.x] Updated link to jQuery Cookie plugin site | Alasdair Nicol | |
| Backport of 81f454a322 from master | |||
| 2013-05-14 | [1.4.x] Fixed a minor spelling mistake in the queryset documentation | Wilfred Hughes | |
| Backport of d258cce482 from master | |||
| 2013-05-13 | [1.5.X] Fixed #18883 -- added a missing self parameter in the docs | Alex Gaynor | |
| Backport of 17d57275f9 from master | |||
| 2013-03-30 | [1.4.X] Fixed #18277 - Clarified startproject documentation. | Tim Graham | |
| Backport of 33503600b5 from master | |||
| 2013-03-29 | [1.4.x] Fixed #20150 -- Fixed an error in manager doc example | Nimesh Ghelani | |
| Backport of 485c024567 from master | |||
| 2013-03-28 | [1.4.x] Bump version to no longer claim to be 1.4.5 final. | Carl Meyer | |
| 2013-03-26 | Merge pull request #962 from dstufft/document-bcrypt-truncation-1.4.x | Donald Stufft | |
| Document password truncation with BCryptPasswordHasher | |||
| 2013-03-26 | Document password truncation with BCryptPasswordHasher | Donald Stufft | |
| 2013-03-02 | [1.4.x] Fixed #19926 -- Fixed a link to code example in queries docs | Claude Paroz | |
| Thanks Randy Salvo for the report. | |||
| 2013-02-25 | [1.4.x] Fixed #18144 -- Restored compatibility with SHA1 hashes with empty salt. | Aymeric Augustin | |
| Thanks dahool for the report and initial version of the patch. Backport of 633d8de from master. | |||
| 2013-02-25 | [1.4.x] Fixed #19911 - Updated generic view links. | Tim Graham | |
| Thanks marc@ for the report. | |||
| 2013-02-25 | [1.4.x] Fixed #19728 - Updated API stability doc to reflect current meaning ↵ | Tim Graham | |
| of "stable". Backport of 132d5822b0 from master. | |||
| 2013-02-23 | [1.4.x] Fixed #19902 -- backport of as_view docs | Preston Holmes | |
| 2013-02-21 | [1.4.x] Made a couple of selenium tests wait for page loaded | Anssi Kääriäinen | |
| The admin_widgets tests were issuing click() to the browser but didn't wait for the effects of those clicks. This caused the resulting request to be processed concurrently with the test case. When using in-memory SQLite this caused weird failures. Also added wait_page_loaded() to admin selenium tests for code reuse. Fixed #19856, cherry-pick of 50677b29af39ca670274fb45087415c883c78b04 | |||
| 2013-02-20 | [1.4.x] Bump version numbers to roll a clean package.1.4.5 | James Bennett | |
| 2013-02-20 | [1.4.x] Note that ALLOWED_HOSTS default changes in Django 1.5. | Carl Meyer | |
| 2013-02-19 | [1.4.x] Fixed #19857 -- Fixed broken docs link in project template. | Carl Meyer | |
| 2013-02-19 | [1.4.x] Don't characterize XML vulnerabilities as DoS-only. | Carl Meyer | |
| 2013-02-19 | [1.4.x] Bump version numbers for security release.1.4.4 | James Bennett | |
| 2013-02-19 | [1.4.x] Update 1.4.4 release notes for all security fixes. | Carl Meyer | |
| 2013-02-19 | [1.4.x] Added a default limit to the maximum number of forms in a formset. | Aymeric Augustin | |
| This is a security fix. Disclosure and advisory coming shortly. | |||
| 2013-02-19 | [1.4.x] Checked object permissions on admin history view. | Carl Meyer | |
| This is a security fix. Disclosure and advisory coming shortly. Patch by Russell Keith-Magee. | |||
| 2013-02-19 | [1.4.x] Restrict the XML deserializer to prevent network and ↵ | Carl Meyer | |
| entity-expansion DoS attacks. This is a security fix. Disclosure and advisory coming shortly. | |||
| 2013-02-19 | [1.4.x] Added ALLOWED_HOSTS setting for HTTP host header validation. | Carl Meyer | |
| This is a security fix; disclosure and advisory coming shortly. | |||
| 2013-02-16 | [1.4.x] Fixed #19824 - Corrected the class described for Field.primary_key ↵ | Tim Graham | |
| from IntegerField to AutoField. Thanks Keryn Knight. Backport of 218bbef0c4 from master | |||
| 2013-02-16 | [1.4.x] Fixed #19812 - Removed a duplicate phrase in the widget docs. | Tim Graham | |
| Thanks diegueus9 for the report and itsallvoodoo for the draft patch. Backport of 7a80904b00 from master | |||
| 2013-02-16 | [1.4.x] Fixed #19719 - Removed misleading example from ModelForm documentation | Alex Hunley | |
| Backport of 976dc07baf from master | |||
| 2013-02-12 | [1.4.x] Fixed #19815 - Removed an unused import in tutorial 3. | Tim Graham | |
| Thanks pedro.calcao@ for the report. | |||
| 2013-02-13 | [1.4.x] Removed try-except in django.db.close_connection() | Anssi Kääriäinen | |
| The reason was that the except clause needed to remove a connection from the django.db.connections dict, but other parts of Django do not expect this to happen. In addition the except clause was silently swallowing the exception messages. Refs #19707, special thanks to Carl Meyer for pointing out that this approach should be taken. | |||
| 2013-02-11 | Fixed WSGIPythonPath instruction in deployment docs | Claude Paroz | |
| Partial backport of 3abf6105b6 from master. Refs #19042. | |||
