summaryrefslogtreecommitdiff
path: root/docs/releases
AgeCommit message (Collapse)Author
2016-03-01Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.Mark Striemer
This is a security fix.
2016-03-01Added stub release notes for security issues.Tim Graham
2016-02-29Fixed #26186 -- Documented how app relative relationships of abstract models ↵Simon Charette
behave. This partially reverts commit bc7d201bdbaeac14a49f51a9ef292d6312b4c45e. Thanks Tim for the review. Refs #25858.
2016-02-27Fixed #26230 -- Made default_related_name affect related_query_name.chenesan
2016-02-26Fixed #26286 -- Prevented content type managers from sharing their cache.Simon Charette
This should prevent managers methods from returning content type instances registered to foreign apps now that these managers are also attached to models created during migration phases. Thanks Tim for the review. Refs #23822.
2016-02-26Fixed #25279 -- Made prefetch_related_objects() public.Adam Chainz
2016-02-26Fixed #24793 -- Unified temporal difference support.Simon Charette
2016-02-26Fixed #26280 -- Fixed cached template loader crash when loading nonexistent ↵Ivan Tsouvarev
template.
2016-02-25Fixed #26231 -- Used .get_username in admin login template.Sjoerd Job Postmus
2016-02-25Fixed #12233 -- Allowed redirecting authenticated users away from the login ↵Olivier Le Thanh Duong
view. contrib.auth.views.login() has a new parameter `redirect_authenticated_user` to automatically redirect authenticated users visiting the login page. Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer for the help and review.
2016-02-24Fixed #26266 -- Output the primary key in the GeoJSON serializer propertiesClaude Paroz
Thanks Tim Graham for the review.
2016-02-24Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets.Jon Dufresne
2016-02-23Fixed #23832 -- Added timezone aware Storage API.James Aylett
New Storage.get_{accessed,created,modified}_time() methods convert the naive time from now-deprecated {accessed,created_modified}_time() methods into aware objects in UTC if USE_TZ=True.
2016-02-23Fixed #25670 -- Allowed dictsort to sort a list of lists.Andrew Kuchev
Thanks Tim Graham for the review.
2016-02-23Fixed #26263 -- Deprecated Context.has_key()Tim Graham
2016-02-23Fixed #26190 -- Returned handle() result from call_commandClaude Paroz
Thanks Tim Graham for the review.
2016-02-22Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.Tim Graham
2016-02-22Refs #26253 -- Forwardported release note.Tim Graham
2016-02-18Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.Tim Graham
Thanks Shai Berger for the review.
2016-02-18Fixed #26107 -- Added option to int_list_validator() to allow negative integers.Akshesh
2016-02-17Fixed #26219 -- Fixed crash when filtering by Decimal in RawQuery.Akshesh
2016-02-17Fixed #25735 -- Added support for test tags to DiscoverRunner.Jakub Paczkowski
Thanks Carl Meyer, Claude Paroz, and Simon Charette for review.
2016-02-16Fixed #26215 -- Fixed RangeField/ArrayField serialization with None valuesClaude Paroz
Also added tests for HStoreField and JSONField. Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and the review.
2016-02-15Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable.Alexey Kotlyarov
2016-02-13Fixed #11665 -- Made TestCase check deferrable constraints after each test.Jon Dufresne
2016-02-12Fixed #25304 -- Allowed management commands to check if migrations are applied.Mounir Messelmeni
2016-02-11Fixed #26196 -- Made sure __in lookups use to_field as default.Anssi Kääriäinen
Thanks Simon Charette for the test.
2016-02-11Fixed #26179 -- Removed null assignment check for non-nullable foreign key ↵ZachLiuGIS
fields.
2016-02-11Fixed #26153 -- Reallowed Q-objects in ↵Anssi Kääriäinen
ForeignObject.get_extra_descriptor_filter().
2016-02-10Fixed #26014 -- Added WSGIRequest content_type and content_params attributes.Curtis Maloney
Parsed the CONTENT_TYPE header once and recorded it on the request.
2016-02-10Fixed #26154 -- Deprecated CommaSeparatedIntegerFieldBrobin
2016-02-09Refs #26112 -- Fixed aggregate GIS test on Oracle.Shai Berger
Made sure the test doesn't try to aggregate over MultiPolygonField and made AreaField turn decimals into floats on the way from the DB. Thanks Daniel Wiesmann, Jani Tiainen, and Tim Graham for review and discussion.
2016-02-08Fixed #26162 -- Checked query name clashes of hidden relationships.Simon Charette
Although reverse accessor clashes should be skipped query name can't be hidden. Thanks to Ian Foote and Tim Graham for the review.
2016-02-08Refs #24007 -- Removed an apps.populate() call in model unpickling that can ↵Tim Graham
cause deadlocks.
2016-02-08Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False.Tim Graham
2016-02-06Fixed title formatting in backwards-incompat section of 1.10 release notesShai Berger
2016-02-06Added stub release notes for 1.8.10.Tim Graham
2016-02-05Fixed #25833 -- Added support for non-atomic migrations.Pankrat
Added the Migration.atomic attribute which can be set to False for non-atomic migrations.
2016-02-04Fixed #26144 -- Warned when dumping proxy model without concrete parent.Yoong Kang Lim
2016-02-04Fixed #26089 -- Removed custom user test models from public API.Simon Charette
Thanks to Tim Graham for the review.
2016-02-04Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.Hugo Osvaldo Barrera
After a user logs out via auth.views.logout(), they're redirected to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-03Fix typos in 1.8 release notes.Carl Meyer
2016-02-02Fixed #25731 -- Removed unused choices kwarg for Select.render()jpic
2016-02-02Fixed #23971 -- Added "Has date"/"No date" choices for DateFieldListFilter.rynomster
2016-02-02Refs #26089 -- Removed obsolete docs about custom user model testing.Tim Graham
2016-02-01Fixed #26155 -- Skipped URL checks if no ROOTURL_CONF setting.Buddy Lindsey, Jr
2016-02-01Added CVE-2016-2048 to the security archive.Tim Graham
2016-02-01Added stub release notes for 1.9.3.Tim Graham
2016-02-01Added release dates for 1.9.2 and 1.8.9.Tim Graham
2016-02-01Fixed incorrect permissions check for admin's "Save as new".Myk Willis
This is a security fix.