| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-09-15 | [1.5.x] Add release notes and bump version numbers for 1.5.4 security release.1.5.4 | James Bennett | |
| 2013-09-15 | [1.5.x] Ensure that passwords are never long enough for a DoS. | Russell Keith-Magee | |
| * Limit the password length to 4096 bytes * Password hashers will raise a ValueError * django.contrib.auth forms will fail validation * Document in release notes that this is a backwards incompatible change Thanks to Josh Wright for the report, and Donald Stufft for the patch. This is a security fix; disclosure to follow shortly. Backport of aae5a96d5754ad34e48b7f673ef2411a3bbc1015 from master. | |||
| 2013-09-14 | Fixed #21102 -- pickling a QuerySet with prefetches twice | Minjong Chung | |
| Fixed the bug that a QuerySet that prefetches related objects cannot be pickled and unpickled more than once (The second pickling attempt raises an exception). Added a new test for the queryset pickling idempotency. The bug was introduced by bac187c0d8e829fb3ca2ca82965eabbcbcb6ddd5. | |||
| 2013-09-13 | [1.5.x] Fixed #21101 -- Updated urlize documentation to mention email addresses | Goetz | |
| Backport of 39b49fd339 from master | |||
| 2013-09-13 | [1.5.x] Fixed #18923 -- Corrected usage of sensitive_post_parameters in ↵ | Tim Graham | |
| contrib.auth Thanks Collin Anderson for the report. Backport of 425d076d0c from master | |||
| 2013-09-13 | [1.5.x] Fixed #21094 -- Updated reuseable apps tutorial to use pip for ↵ | Tim Graham | |
| installation. Thanks ylb415 at gmail.com for the suggestion. Backport of e4aab1bb8d from master | |||
| 2013-09-13 | [1.5.x] Documentation -- added instructions on working with pull requests | Kevin Christopher Henry | |
| Since non-core contributors are asked to review patches, instructions on working with pull requests were added to the Working with Git and GitHub page (based on the existing instructions in the core committers page). Backport of 990ce9aab9 from master | |||
| 2013-09-11 | [1.5.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH. | Tim Graham | |
| Thanks EvilDMP for the report and Russell Keith-Magee for the draft text. Backport of da843e7dba from master | |||
| 2013-09-11 | [1.5.x] Documentation -- Improved description of cache arguments | Kevin Christopher Henry | |
| - Fixed some grammar and formatting mistakes - Added the type and default for CULL_FREQUENCY - Made the note on culling the entire cache more precise. (It's actually slower on the filesystem backend.) Backport of 5eca021d48 from master | |||
| 2013-09-11 | [1.5.x] Bump version post-release. | Tim Graham | |
| 2013-09-10 | [1.5.x] Bump version numbers for 1.5.3 security release.1.5.3 | James Bennett | |
| 2013-09-10 | [1.5.x] Added 1.4.7/1.5.3 release notes | Tim Graham | |
| Backport of baec6a26dd from master | |||
| 2013-09-10 | [1.5.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative ↵ | Tim Graham | |
| paths. Thanks Rainer Koirikivi for the report and draft patch. This is a security fix; disclosure to follow shortly. Backport of 7fe5b656c9 from master | |||
| 2013-09-10 | [1.5.x] Fixed #21075 - Improved doc for calling call_command with arguments. | oz123 | |
| Backport of fca4c4826e from master | |||
| 2013-09-09 | [1.5.x] Fixed #20707 -- Added explicit quota assignment to Oracle test user | Садовский Николай | |
| To enable testing on Oracle 12c | |||
| 2013-09-07 | [1.5.x] Fixed #20005 -- Documented that Oracle databases need execute ↵ | Tim Graham | |
| permission on SYS.DBMS_LOB. Thanks jafula for the suggestion. Backport of a86ecc80a2 from master | |||
| 2013-09-07 | [1.5.x] Fixed #16992 -- Added InnoDB warning regarding reuse of ↵ | Keith Edmiston | |
| AUTO_INCREMENT values. Thanks kent at nsc.liu.se for the report. Backport of c54fa1a7bc from master | |||
| 2013-09-06 | [1.5.x] Fixed #19295 -- Documented that CachedStaticFilesStorage isn't ↵ | Keith Edmiston | |
| compatible with runserver --insecure. Backport of 028db97503 from master | |||
| 2013-09-06 | [1.5.x] Fixed #20646 -- Clarified the use of AbstractBaseUser.REQUIRED_FIELDS | Tim Graham | |
| Thanks craigbruce. Backport of db3de52807 from master | |||
| 2013-09-05 | [1.5.x] Fixed #21047 -- Added CLA mesage on the new contributor advice doc | micahhausler | |
| Backport of 93dd31cadf from master | |||
| 2013-09-05 | [1.5.x] Fixed #20900 -- Documented RemoteUserBackend.authenticate | Tim Graham | |
| Backport of 7b62b80693 from master | |||
| 2013-09-05 | Fixed #19211 -- Adapted tutorial for Python 3 | Claude Paroz | |
| Backport of 7cc3acbb7 from master. | |||
| 2013-09-04 | [1.5.x] Fixed #20958 -- Documented that GenericForeignKey fields can't be ↵ | Tim Graham | |
| accessed in forms. Thanks marky1991. Backport of 533d1ab334 from master | |||
| 2013-09-04 | [1.5.x] Fixed #21002 -- Documented JSON session serialization requires ↵ | Tim Graham | |
| string keys Thanks jeroen.pulles at redslider.net for the report. Backport of 3baf1d1042 from master. | |||
| 2013-08-31 | [1.5.x] Made the doc about translating string literals in templates more ↵ | Loic Bistuer | |
| prominent. Backport of 9885f07757 from master | |||
| 2013-08-29 | [1.5.x] Added links to file docs. | Jorge C. Leitão | |
| Backport of d72f83c410 from master | |||
| 2013-08-28 | [1.5.x] Minor spelling correction in ModelForms docs | Phaneendra Chiruvella | |
| Backport of 2fbf949760 from master | |||
| 2013-08-27 | [1.5.x] Fixed #20981 -- Noted the default value of disable_existing_loggers. | Krzysztof Jurewicz | |
| Backport of 095643e691 from master | |||
| 2013-08-27 | [1.5.x] Fixed typo in docs/topics/conditional-view-processing.txt | Jan Böcker | |
| Backport of 5fd2c979cb from master | |||
| 2013-08-22 | [1.5.x] Typos introduced in 57c82f909b. | Ramiro Morales | |
| 2013-08-22 | [1.5.x] Fixed #20922 -- Allowed customizing the serializer used by ↵ | Tim Graham | |
| contrib.sessions Added settings.SESSION_SERIALIZER which is the import path of a serializer to use for sessions. Thanks apollo13, carljm, shaib, akaariai, charettes, and dstufft for reviews. Backport of b0ce6fe656 from master | |||
| 2013-08-22 | [1.5.x] Documentation -- Clarified use of 'view' in test client introduction. | Kevin Christopher Henry | |
| Backport of 2e926b041c from master | |||
| 2013-08-22 | [1.5.x] Fixed #20944 -- Removed inaccurate statement about View.dispatch(). | Marc Tamlyn | |
| Backport of bac4d03ce6 from master | |||
| 2013-08-22 | [1.5.x] Made description of LANGUAGE_CODE setting more clear. | Ramiro Morales | |
| 297f5af222 from master. | |||
| 2013-08-20 | [1.5.x] Documentation - Noted that OneToOneField doesn't respect unique. | Kevin Christopher Henry | |
| Added OneToOneField to the list of model fields for which the unique argument isn't valid. (OneToOneFields are inherently unique, and if the user supplies a value for unique it is ignored / overwritten.) | |||
| 2013-08-15 | [1.5.x] Fixed a rest mistake I introduced in d5ce2ff. | Aymeric Augustin | |
| Backport of 753edfa4b5 from master | |||
| 2013-08-15 | [1.5.x] Fixed #20444 -- Cookie-based sessions does not include a remote code ↵ | Erik Romijn | |
| execution-warning Backport of d5ce2ff5e4 from master | |||
| 2013-08-14 | [1.5.x] Fixed link in 1.5.2 release notes | Tim Graham | |
| 2013-08-14 | [1.5.x] Added some doc links for django.contrib.messages | Tim Graham | |
| Backport of b6178fa24b from master | |||
| 2013-08-13 | Bump version post-release. | Jacob Kaplan-Moss | |
| 2013-08-13 | Added 1.4.6/1.5.2 release notes.1.5.2 | Tim Graham | |
| 2013-08-13 | Bumped version numbers for 1.5.2. | Jacob Kaplan-Moss | |
| 2013-08-13 | Apply autoescaping to AdminURLFieldWidget. | Jacob Kaplan-Moss | |
| This is a security fix; disclosure to follow shortly. | |||
| 2013-08-13 | Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S. | Jacob Kaplan-Moss | |
| This is a security fix; disclosure to follow shortly. | |||
| 2013-08-12 | [1.5.x] Added missing release notes for older versions of Django | Tim Graham | |
| Backport of 3f6cc33cff from master | |||
| 2013-08-10 | [1.5.x] Fixed #20890 -- Added missing import in class-based view docs. | Tim Graham | |
| Thanks André Augusto. Backport of ab680725bf from master | |||
| 2013-08-09 | [1.5.x] Fixed #20868 -- Added an email to django-announce as a security step. | Tim Graham | |
| Thanks garrison for the report. Backport of 5737c57d95 from master | |||
| 2013-08-08 | [1.5.x] Added an anchor for django.forms.Form.clean in docs | Tim Graham | |
| Backport of 8442268869 from master | |||
| 2013-08-08 | [1.5.x] Clarified meaning of models.User.is_authenticated() | Jaime Irurzun | |
| Backport of f96fe3cd1e from master | |||
| 2013-08-08 | [1.5.x] Added more on @cached_property, refs #20870 | Daniele Procida | |
| Backport of 7e6af9d40c from master | |||
