summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-10-24[1.4.x] Bump everything for 1.4.9 bugfix release.1.4.9James Bennett
2013-10-23[1.4.x] Bumped release date for 1.5.5 & 1.4.9.Tim Graham
Backport of 4ce5c119b5 from master
2013-10-23Fixed #13245: Explained Oracle's behavior w.r.t db_tableShai Berger
and how to prevent table-name truncation Thanks russellm & timo for discussion, and timo for review. Backported from master 317040a73b77be8f8210801793b2ce6d1a69301e
2013-10-22[1.4.x] Added 1.4.9 release notesTim Graham
Backport of 2eb8f15516 from master
2013-10-21[1.4.x] Fixed #21253 -- PBKDF2 with cached HMAC keyFlorian Apolloner
This gives a 2x speed increase compared to the existing implementation. Thanks to Steve Thomas for the initial patch and Tim Graham for finishing it. Backport of 1e4f53a6eb8d1816e51eb8bd8f95e704f6b89ead from master.
2013-10-13[1.4.x] Fixed #21256 -- Error in datetime_safe.datetime.combine.Aymeric Augustin
Backport of d9b6fb8 from master
2013-10-09[1.4.x] Fixed #21248 -- Skipped test_bcrypt if no py-bcrypt foundAnssi Kääriäinen
Pre 1.6 Django worked only with py-bcrypt, not with bcrypt. Skipped test_bcrypt when using bcrypt to avoid false positives. Backpatch of 9f8a36eb20895d9e542820d5190bfa77ad1b85d9 from stable/1.5.x.
2013-09-24[1.4.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation.Florian Apolloner
Thanks go to Michael Gebetsroither for pointing out this issue and help on the patch. Backport of 68540fe4df44492571bc610a0a043d3d02b3d320 from master.
2013-09-24Revert "[1.4.x] Ensure that passwords are never long enough for a DoS."Florian Apolloner
This reverts commit 3f3d887a6844ec2db743fee64c9e53e04d39a368. This fix is no longer necessary, our pbkdf2 (see next commit) implementation no longer rehashes the password every iteration.
2013-09-15[1.4.x] Cleaned up 1.4.8 release notesTim Graham
Backport of 8d29005524 from master
2013-09-15[1.4.x] Bump version post-release.Tim Graham
2013-09-15[1.4.x] Fixed geos test to prevent random failureClaude Paroz
Points in the test fixtures have 20 as max coordinate. Backport of 87854b0bdf354059f949350a4d63a0ed071d564c from master.
2013-09-15[1.4.x] Removed usage of b"" string syntax for Python 2.5 compatibility.1.4.8Russell Keith-Magee
Refs commit 3f3d887a6844ec2db743fee64c9e53e04d39a368.
2013-09-14[1.4.x] Add release notes and bump version numbers for 1.4.8 security release.James Bennett
2013-09-15[1.4.x] Ensure that passwords are never long enough for a DoS.Russell Keith-Magee
* Limit the password length to 4096 bytes * Password hashers will raise a ValueError * django.contrib.auth forms will fail validation * Document in release notes that this is a backwards incompatible change Thanks to Josh Wright for the report, and Donald Stufft for the patch. This is a security fix; disclosure to follow shortly. Backport of aae5a96d5754ad34e48b7f673ef2411a3bbc1015 from master.
2013-09-13Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.authTim Graham
Thanks Collin Anderson for the report. Backport of 425d076d0c from master
2013-09-11[1.4.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.Tim Graham
Thanks EvilDMP for the report and Russell Keith-Magee for the draft text. Backport of da843e7dba from master
2013-09-11Merge pull request #1616 from loic/fix1.4Florian Apolloner
Fixed failing test introduced by 87d2750b39.
2013-09-11[1.4.x] Bump version post-release.Tim Graham
2013-09-11Fixed failing test introduced by 87d2750b39.Loic Bistuer
The {% ssi %} tag in Django 1.4 doesn't support spaces in its argument. Skip the test if run from a location that contains a space.
2013-09-10[1.4.x] Bump version numbers for 1.4.7 security release.1.4.7James Bennett
2013-09-10Added 1.4.7 release notesTim Graham
Backport of baec6a26dd from master
2013-09-10[1.4.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative ↵Tim Graham
paths. Thanks Rainer Koirikivi for the report and draft patch. This is a security fix; disclosure to follow shortly. Backport of 7fe5b656c9 from master
2013-09-09[1.4.x] Fixed #20707 -- Added explicit quota assignment to Oracle test userСадовский Николай
To enable testing on Oracle 12c
2013-08-18[1.4.x] Fixed #20907 - Test failure on OracleShai Berger
Backport of the Oracle-specific part of commit a18e43c5bb8cb7c82 from master. This commit made get_indexes more consistent across backends. Thanks Tim Graham for pointer to the commit, akaariai and ikelly for the original commit.
2013-08-17[1.4.x] Fixed #20904: Test failure on OracleShai Berger
Just skip the failing test, the failure isn't really relevant; also, both the test and the reason for its failure were removed in 1.5. Thanks Tim Graham for advice on 1.5.
2013-08-16[1.4.x] Fixed #20906 -- Fixed a dependence on set-ordering in testsLuke Plant
Backport of 1ae64e96c1 from master
2013-08-16[1.4.x] Fixed #20905 -- Fixed an Oracle-specific test case failureAnssi Kääriäinen
Made a test checking ORM-generated query string case-insensitive. Backport of ee0a7c741e from master
2013-08-13Fixed regression in validation tests since example.com is available via ↵Florian Apolloner
https now.
2013-08-13Bump version post-release.Jacob Kaplan-Moss
2013-08-13[1.4.x] Removed 1.5.2 release notesTim Graham
2013-08-13Stole the Makefile for building packages from master.Jacob Kaplan-Moss
2013-08-13Added 1.4.6/1.5.2 release notes.1.4.6Tim Graham
2013-08-13Bumped version numbers for 1.4.6.Jacob Kaplan-Moss
2013-08-13Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.Jacob Kaplan-Moss
This is a security fix; disclosure to follow shortly.
2013-08-12[1.4.x] Added missing release notes for older versions of DjangoTim Graham
Backport of 3f6cc33cff from master
2013-07-31[1.4.x] Added a bugfix in docutils 0.11 -- docs will now build properly.Tim Graham
Backport of a3a59a3197 from master
2013-07-31[1.4.x] Fixed #20779 -- Documented AdminSite.app_index_template; refs #8498.SusanTan
Thanks CollinAnderson for the report. Backport of 7de35a9ef3 from master
2013-07-25[1.4.x] Fixed #18315 -- Documented QueryDict.popitem and QueryDict.popmark hellewell
Thanks gcbirzan for the report. Backport of 8c9240222f from master
2013-07-25[1.4.x] Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs.Brenton Cleeland
Thanks simonb for the report. Backport of dab52d99fc from master
2013-07-18[1.4.x] Atom specification URL updatedMatt Deacalion Stevens
Changed to the URL of the official RFC for Atom, since Atomenabled.org is just a holding page. Backport of beefc97171 from master
2013-07-17[1.4.x] Fixed #20756 -- Typo in uWSGI docs.Tim Graham
Backport of a3242dc9fe from master
2013-07-11[1.4.x] Fixed #20730 -- Fixed "Programmatically creating permissions" error.Tim Graham
Thanks glarrain for the report. Backport of 684a606a4e from master
2013-07-10[1.4.x] Fixed #19196 -- Added test/requirementsTim Graham
Backport of 4d92a0bd86 from master
2013-07-08[1.4.x] Fixed #18944 -- Documented PasswordResetForm's from_email argument ↵Tim Graham
as a backwards incompatible change for 1.3 Thanks DrMeers for the report. Backport of dab921751d from master
2013-06-27[1.4.x] Fixed #20665 -- Missing backslash in sitemaps documentationBaptiste Mispelon
Backport of 5005303ae7919eef26dab9f8ba279696966ebf1d from master.
2013-06-24[1.4.x] Fixed oversight in e3b6fed3. Refs #20636.Aymeric Augustin
2013-06-24[1.4.x] Fixed #20636 -- Stopped stuffing values in the settings.Aymeric Augustin
In Django < 1.6, override_settings restores the settings module that was active when the override_settings call was executed, not when it was run. This can make a difference when override_settings is applied to a class, since it's executed when the module is imported, not when the test case is run. In addition, if the settings module for tests is stored alongside the tests themselves, importing the settings module can trigger an import of the tests. Since the settings module isn't fully imported yet, class-level override_settings statements may store a reference to an incorrect settings module. Eventually this will result in a crash during test teardown because the settings module restored by override_settings won't the one that was active during test setup. While Django should prevent this situation in the future by failing loudly in such dubious import sequences, that change won't be backported to 1.5 and 1.4. However, these versions received the "allowed hosts" patch and they're prone to "AttributeError: 'Settings' object has no attribute '_original_allowed_hosts'". To mitigate this regression, this commits stuffs _original_allowed_hosts on a random module instead of the settings module. This problem shouldn't occur in Django 1.6, see #20290, but this patch will be forward-ported for extra safety. Also tweaked backup variable names for consistency. Backport of 0261922 from stable/1.5.x. Conflicts: django/test/utils.py
2013-05-31[1.4.x] Fixed #20326 - Corrected form wizard get_form() example.Tim Graham
Thanks tris@ for the report. Backport of 646a2216e9 from master
2013-05-29[1.4.x] Fixed regroup example.Gavin Wahl
Chicago was missing. Backport of e6ff238 from master.