| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-09-23 | [3.1.x] Fixed #32012 -- Made test database creation sync apps models when ↵ | Mariusz Felisiak | |
| migrations are disabled. Thanks Jaap Roes for the report. Backport of 77caeaea888d1744416b213036ff29699758de76 from master | |||
| 2020-08-31 | [3.1.x] Fixed #31934 -- Added note about the default of SameSite cookie flag ↵ | Hasan Ramezani | |
| in modern browsers. Backport of 70731fc6feeb40eab535781e938b0e67ff0077ad from master | |||
| 2020-08-04 | [3.1.x] Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting. | Mariusz Felisiak | |
| It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review. Backport of d907371ef99a1e4ca6bc1660f57d81f265750984 from master. | |||
| 2020-07-23 | [3.1.x] Fixed #31821 -- Removed outdated note in FILE_UPLOAD_PERMISSIONS docs. | Harpreet Sharma | |
| Follow up to 22aab8662f0368b63f91f2526bdd0532524bc0fe Backport of 248d03fbe932b0844c628e56dafba334f9e028e4 from master | |||
| 2020-07-22 | [3.1.x] Fixed #31814 -- Fixed typo in docs/ref/settings.txt. | Buk Bukowski | |
| Backport of f65454801bfa13fc043fee0aca8f49af41380683 from master | |||
| 2020-07-20 | [3.1.x] Improved description of USE_THOUSAND_SEPARATOR setting. | Adam Johnson | |
| Backport of 80f92177eb2a175579f4a6907ef5a358863bddca from master | |||
| 2020-06-15 | [3.1.x] Fixed #31696 -- Updated OWASP links in docs. | Hasan Ramezani | |
| Backport of a16080810bee8b3baf9ae7ac7b8433cb7b293e00 from master | |||
| 2020-05-25 | [3.1.x] Refs #23097 -- Used new octal format in FILE_UPLOAD_PERMISSIONS docs. | René Fleschenberg | |
| Backport of f24b59267be2e5fc5bd1252efda3aed19f860813 from master | |||
| 2020-05-21 | [3.1.x] Fixed #31608 -- Doc'd that form ISO 8601 datetime parsing always ↵ | Hasan Ramezani | |
| retains tzinfo. Backport of 643207efaebbff4e7c3ebcbf9ca49fb6197137e1 from master | |||
| 2020-05-05 | Refs #28622 -- Corrected PASSWORD_RESET_TIMEOUT/PASSWORD_RESET_TIMEOUT_DAYS ↵ | Chris Burchhardt | |
| docs. Removed outdated note about an extra day in PASSWORD_RESET_TIMEOUT docs and incorrect "minimum" phrase. | |||
| 2020-04-28 | Fixed broken links in docs. | Mariusz Felisiak | |
| 2020-03-27 | Fixed #31400 -- Doc'd the expected type of CONN_MAX_AGE database option. | Hasan Ramezani | |
| 2020-02-05 | Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'. | Adam Johnson | |
| 2020-01-29 | Fixed #31126 -- Doc'd STATICFILES_DIRS namespacing in static files how-to. | Abhijeet | |
| 2020-01-16 | Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports. | Pavel Lysak | |
| 2020-01-07 | Fixed #15982 -- Added DATE_INPUT_FORMATS to forms.DateTimeField default ↵ | Claude Paroz | |
| input formats. | |||
| 2019-12-12 | Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'. | Osaetin Daniel | |
| Thanks Florian Apolloner and Carlton Gibson for reviews. | |||
| 2019-12-05 | Fixed #31010 -- Allowed subdomains of localhost in the Host header by ↵ | Gordon Pendleton | |
| default when DEBUG=True. | |||
| 2019-12-04 | Fixed #23524 -- Allowed DATABASES['TIME_ZONE'] option on PostgreSQL. | Aymeric Augustin | |
| 2019-11-27 | Fixed #31029 -- Used more specific links to RFCs. | Baptiste Mispelon | |
| 2019-11-25 | Refs #25388 -- Corrected value of TEST MIGRATE setting in MIGRATION_MODULES ↵ | Jon Dufresne | |
| docs. | |||
| 2019-11-20 | Fixed #25388 -- Added an option to allow disabling of migrations during test ↵ | Jon Dufresne | |
| database creation. | |||
| 2019-11-06 | Refs #29983 -- Added pathlib.Path support to the file email backend. | Jon Dufresne | |
| 2019-11-06 | Added a link to the file email backend from EMAIL_FILE_PATH setting. | Jon Dufresne | |
| 2019-10-11 | Clarified that SECURE_REDIRECT_EXEMPT patterns should not include leading ↵ | René Fleschenberg | |
| slashes. | |||
| 2019-09-25 | Fixed #25598 -- Added SCRIPT_NAME prefix to STATIC_URL and MEDIA_URL set to ↵ | Oleg Kainov | |
| relative paths. Thanks Florian Apolloner for reviews. Co-authored-by: Joel Dunham <Joel.Dunham@technicalsafetybc.ca> | |||
| 2019-09-23 | Fixed typo in docs/ref/settings.txt. | Mariusz Felisiak | |
| 2019-09-20 | Refs #28622 -- Clarified security implications of PASSWORD_RESET_TIMEOUT. | Luke Plant | |
| 2019-09-20 | Fixed #28622 -- Allowed specifying password reset link expiration in seconds ↵ | Hasan Ramezani | |
| and deprecated PASSWORD_RESET_TIMEOUT_DAYS. | |||
| 2019-09-13 | Fixed typos in docs/ref/settings.txt. | Ben Falk | |
| 2019-09-10 | Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline. | Mariusz Felisiak | |
| 2019-09-10 | Removed versionadded/changed annotations for 2.2. | Mariusz Felisiak | |
| 2019-09-09 | Fixed #29406 -- Added support for Referrer-Policy header. | Nick Pope | |
| Thanks to James Bennett for the initial implementation. | |||
| 2019-09-09 | Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY. | Claude Paroz | |
| 2019-09-06 | Fixed #30573 -- Rephrased documentation to avoid words that minimise the ↵ | Tobias Kunze | |
| involved difficulty. This patch does not remove all occurrences of the words in question. Rather, I went through all of the occurrences of the words listed below, and judged if they a) suggested the reader had some kind of knowledge/experience, and b) if they added anything of value (including tone of voice, etc). I left most of the words alone. I looked at the following words: - simply/simple - easy/easier/easiest - obvious - just - merely - straightforward - ridiculous Thanks to Carlton Gibson for guidance on how to approach this issue, and to Tim Bell for providing the idea. But the enormous lion's share of thanks go to Adam Johnson for his patient and helpful review. | |||
| 2019-08-18 | Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True. | Claude Paroz | |
| 2019-08-05 | Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER ↵ | Adnan Umer | |
| setting. | |||
| 2019-07-01 | Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵ | Carlton Gibson | |
| SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. | |||
| 2019-06-11 | Changed charset and collation link to MySQL docs. | Mykola Nicholas | |
| 2019-05-27 | Refs #29548 -- Updated docs for MariaDB support. | Mariusz Felisiak | |
| 2019-04-24 | Fixes #30342 -- Removed a system check for LANGUAGES_BIDI setting. | Matthias Kestenholz | |
| This partly reverts commit 4400d8296d268f5a8523cd02ddc33b12219b2535. | |||
| 2019-04-08 | Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags ↵ | Ran Benita | |
| on language cookies. | |||
| 2019-04-02 | Fixed typo in docs/ref/settings.txt. | Mariusz Felisiak | |
| 2019-03-29 | Removed unnecessary /static from links to PostgreSQL docs. | Nick Pope | |
| 2019-03-28 | Moved extlinks in docs config to allow using 'version' variable. | Tim Graham | |
| After a stable branch is created, 'master' will change to 'stable/' + version + '.x'. | |||
| 2019-03-28 | Used extlinks for Django's source code. | Tim Graham | |
| 2019-03-28 | Refs #1660 -- Doc'd the LANGUAGES_BIDI setting. | Nick Pope | |
| 2019-03-27 | Updated spelling and RFCs in HttpOnly cookie flag docs. | Nick Pope | |
| 2019-02-08 | Fixed #30004 -- Changed default FILE_UPLOAD_PERMISSION to 0o644. | Himanshu Lakhara | |
| 2019-02-06 | Refs #27753 -- Favored force/smart_str() over force/smart_text(). | Aymeric Augustin | |
