summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-08-13Added 1.4.6/1.5.2 release notes.1.4.6Tim Graham
2013-08-13Bumped version numbers for 1.4.6.Jacob Kaplan-Moss
2013-08-13Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.Jacob Kaplan-Moss
This is a security fix; disclosure to follow shortly.
2013-08-12[1.4.x] Added missing release notes for older versions of DjangoTim Graham
Backport of 3f6cc33cff from master
2013-07-31[1.4.x] Added a bugfix in docutils 0.11 -- docs will now build properly.Tim Graham
Backport of a3a59a3197 from master
2013-07-31[1.4.x] Fixed #20779 -- Documented AdminSite.app_index_template; refs #8498.SusanTan
Thanks CollinAnderson for the report. Backport of 7de35a9ef3 from master
2013-07-25[1.4.x] Fixed #18315 -- Documented QueryDict.popitem and QueryDict.popmark hellewell
Thanks gcbirzan for the report. Backport of 8c9240222f from master
2013-07-25[1.4.x] Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs.Brenton Cleeland
Thanks simonb for the report. Backport of dab52d99fc from master
2013-07-18[1.4.x] Atom specification URL updatedMatt Deacalion Stevens
Changed to the URL of the official RFC for Atom, since Atomenabled.org is just a holding page. Backport of beefc97171 from master
2013-07-17[1.4.x] Fixed #20756 -- Typo in uWSGI docs.Tim Graham
Backport of a3242dc9fe from master
2013-07-11[1.4.x] Fixed #20730 -- Fixed "Programmatically creating permissions" error.Tim Graham
Thanks glarrain for the report. Backport of 684a606a4e from master
2013-07-10[1.4.x] Fixed #19196 -- Added test/requirementsTim Graham
Backport of 4d92a0bd86 from master
2013-07-08[1.4.x] Fixed #18944 -- Documented PasswordResetForm's from_email argument ↵Tim Graham
as a backwards incompatible change for 1.3 Thanks DrMeers for the report. Backport of dab921751d from master
2013-06-27[1.4.x] Fixed #20665 -- Missing backslash in sitemaps documentationBaptiste Mispelon
Backport of 5005303ae7919eef26dab9f8ba279696966ebf1d from master.
2013-06-24[1.4.x] Fixed oversight in e3b6fed3. Refs #20636.Aymeric Augustin
2013-06-24[1.4.x] Fixed #20636 -- Stopped stuffing values in the settings.Aymeric Augustin
In Django < 1.6, override_settings restores the settings module that was active when the override_settings call was executed, not when it was run. This can make a difference when override_settings is applied to a class, since it's executed when the module is imported, not when the test case is run. In addition, if the settings module for tests is stored alongside the tests themselves, importing the settings module can trigger an import of the tests. Since the settings module isn't fully imported yet, class-level override_settings statements may store a reference to an incorrect settings module. Eventually this will result in a crash during test teardown because the settings module restored by override_settings won't the one that was active during test setup. While Django should prevent this situation in the future by failing loudly in such dubious import sequences, that change won't be backported to 1.5 and 1.4. However, these versions received the "allowed hosts" patch and they're prone to "AttributeError: 'Settings' object has no attribute '_original_allowed_hosts'". To mitigate this regression, this commits stuffs _original_allowed_hosts on a random module instead of the settings module. This problem shouldn't occur in Django 1.6, see #20290, but this patch will be forward-ported for extra safety. Also tweaked backup variable names for consistency. Backport of 0261922 from stable/1.5.x. Conflicts: django/test/utils.py
2013-05-31[1.4.x] Fixed #20326 - Corrected form wizard get_form() example.Tim Graham
Thanks tris@ for the report. Backport of 646a2216e9 from master
2013-05-29[1.4.x] Fixed regroup example.Gavin Wahl
Chicago was missing. Backport of e6ff238 from master.
2013-05-28[1.4.x] Fixed #20523 - Incorrect form field for FilePathField.Tim Graham
Thanks sane4ka.sh@ for the report. Backport of 1fdc3d256d from master
2013-05-24[1.5.x] Fixed #20492 - Removed a broken link in GIS docs.Tim Graham
Backport of fbab3209fc from master
2013-05-24[1.4.x] Updated link to jQuery Cookie plugin siteAlasdair Nicol
Backport of 81f454a322 from master
2013-05-14[1.4.x] Fixed a minor spelling mistake in the queryset documentationWilfred Hughes
Backport of d258cce482 from master
2013-05-13[1.5.X] Fixed #18883 -- added a missing self parameter in the docsAlex Gaynor
Backport of 17d57275f9 from master
2013-03-30[1.4.X] Fixed #18277 - Clarified startproject documentation.Tim Graham
Backport of 33503600b5 from master
2013-03-29[1.4.x] Fixed #20150 -- Fixed an error in manager doc exampleNimesh Ghelani
Backport of 485c024567 from master
2013-03-28[1.4.x] Bump version to no longer claim to be 1.4.5 final.Carl Meyer
2013-03-26Merge pull request #962 from dstufft/document-bcrypt-truncation-1.4.xDonald Stufft
Document password truncation with BCryptPasswordHasher
2013-03-26Document password truncation with BCryptPasswordHasherDonald Stufft
2013-03-02[1.4.x] Fixed #19926 -- Fixed a link to code example in queries docsClaude Paroz
Thanks Randy Salvo for the report.
2013-02-25[1.4.x] Fixed #18144 -- Restored compatibility with SHA1 hashes with empty salt.Aymeric Augustin
Thanks dahool for the report and initial version of the patch. Backport of 633d8de from master.
2013-02-25[1.4.x] Fixed #19911 - Updated generic view links.Tim Graham
Thanks marc@ for the report.
2013-02-25[1.4.x] Fixed #19728 - Updated API stability doc to reflect current meaning ↵Tim Graham
of "stable". Backport of 132d5822b0 from master.
2013-02-23[1.4.x] Fixed #19902 -- backport of as_view docsPreston Holmes
2013-02-21[1.4.x] Made a couple of selenium tests wait for page loadedAnssi Kääriäinen
The admin_widgets tests were issuing click() to the browser but didn't wait for the effects of those clicks. This caused the resulting request to be processed concurrently with the test case. When using in-memory SQLite this caused weird failures. Also added wait_page_loaded() to admin selenium tests for code reuse. Fixed #19856, cherry-pick of 50677b29af39ca670274fb45087415c883c78b04
2013-02-20[1.4.x] Bump version numbers to roll a clean package.1.4.5James Bennett
2013-02-20[1.4.x] Note that ALLOWED_HOSTS default changes in Django 1.5.Carl Meyer
2013-02-19[1.4.x] Fixed #19857 -- Fixed broken docs link in project template.Carl Meyer
2013-02-19[1.4.x] Don't characterize XML vulnerabilities as DoS-only.Carl Meyer
2013-02-19[1.4.x] Bump version numbers for security release.1.4.4James Bennett
2013-02-19[1.4.x] Update 1.4.4 release notes for all security fixes.Carl Meyer
2013-02-19[1.4.x] Added a default limit to the maximum number of forms in a formset.Aymeric Augustin
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19[1.4.x] Checked object permissions on admin history view.Carl Meyer
This is a security fix. Disclosure and advisory coming shortly. Patch by Russell Keith-Magee.
2013-02-19[1.4.x] Restrict the XML deserializer to prevent network and ↵Carl Meyer
entity-expansion DoS attacks. This is a security fix. Disclosure and advisory coming shortly.
2013-02-19[1.4.x] Added ALLOWED_HOSTS setting for HTTP host header validation.Carl Meyer
This is a security fix; disclosure and advisory coming shortly.
2013-02-16[1.4.x] Fixed #19824 - Corrected the class described for Field.primary_key ↵Tim Graham
from IntegerField to AutoField. Thanks Keryn Knight. Backport of 218bbef0c4 from master
2013-02-16[1.4.x] Fixed #19812 - Removed a duplicate phrase in the widget docs.Tim Graham
Thanks diegueus9 for the report and itsallvoodoo for the draft patch. Backport of 7a80904b00 from master
2013-02-16[1.4.x] Fixed #19719 - Removed misleading example from ModelForm documentationAlex Hunley
Backport of 976dc07baf from master
2013-02-12[1.4.x] Fixed #19815 - Removed an unused import in tutorial 3.Tim Graham
Thanks pedro.calcao@ for the report.
2013-02-13[1.4.x] Removed try-except in django.db.close_connection()Anssi Kääriäinen
The reason was that the except clause needed to remove a connection from the django.db.connections dict, but other parts of Django do not expect this to happen. In addition the except clause was silently swallowing the exception messages. Refs #19707, special thanks to Carl Meyer for pointing out that this approach should be taken.
2013-02-11Fixed WSGIPythonPath instruction in deployment docsClaude Paroz
Partial backport of 3abf6105b6 from master. Refs #19042.