summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2019-07-01[1.11.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵Carlton Gibson
SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master.
2019-07-01[1.11.x] Added stub release notes for security releases.Mariusz Felisiak
Backport of 30b3ee9d0b33bb440f9c73d1ce9e0e7303887a9f from master
2019-06-03[1.11.x] Added CVE-2019-12308 to the security release archive.Nick Pope
Backport of 21b1d239125f1228e579b1ce8d94d4d5feadd2a6 from master
2019-06-03[1.11.x] Added CVE-2019-11358 to the security release archive.Nick Pope
Backport of 8fb0ea55830321852a4a051a478f78e24d4f6889 from master
2019-06-03[1.11.x] Fixed typo in 1.11.21 release notes.Mariusz Felisiak
Backport of 100ec901aebebe56b61f101af38a228414098dd5 from master.
2019-06-03[1.11.x] Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL ↵Carlton Gibson
before rendering clickable link. Backport of deeba6d92006999fee9adfbd8be79bf0a59e8008 from master.
2019-06-03[1.11.x] Added stub release notes for security releases.Carlton Gibson
Backport of 98c0fe19ee2cba9726708ac9336e1dc0d43cca69 from master
2019-04-07[1.11.x] Refs #27807 -- Removed docs for User.username_validator.Tim Graham
The new override functionality claimed in refs #21379 doesn't work. Forwardport of 714fdbaa7048c2321f6238d9421137c33d9af7cc from stable/1.10.x.
2019-04-05[1.11.x] Refs #30331 -- Doc'd that psycopg2 < 2.8 is required.Mariusz Felisiak
Backport of 0a8617a5b1cac7063f30e4d8ff4ea4c30748f7b8 from stable/2.1.x.
2019-03-21[1.11.x] Fixed #30277 -- Fixed broken links to packaging.python.org.Tim Graham
Backport of 8f1cc7e9e61758475ddd6586e0fede4af1ca0e8d from master.
2019-02-11[1.11.x] Added CVE-2019-6975 to the security release archive.Tim Graham
Backport of d6e5aad5c7eba3d8061c09902de16cd2b22619af from master.
2019-02-11[1.11.x] Refs #30175 -- Added release notes for 1.11.20 release.Carlton Gibson
Backport of b39bd0aa6d5667d6bbcf7d349a1035c676e3f972 from master
2019-02-11[1.11.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in ↵Carlton Gibson
utils.numberformat.format(). Thanks Sjoerd Job Postmus for the report and initial patch. Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review. Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master.
2019-02-08[1.11.x] Removed extra characters in docs header underlines.Mariusz Felisiak
Backport of 25829197bb94585e94695360065ac614aa9e6a56 from master
2019-02-07Added stub release notes for security releases.Carlton Gibson
# Conflicts: # docs/releases/2.1.6.txt
2019-02-01[1.11.x] Used extlinks for GitHub commits.Tim Graham
Backport of c34c6d0a2fc6d9bc55fb2db94b9ed40141babb15 from master.
2019-02-01[1.11.x] Replaced CVE/ticket roles with extlinks.Tim Graham
Backport of 44f98f78804627839d5f0a8b3a32bfbb4546ff52 from master.
2019-02-01[1.11.x] Refs #30150 -- Doc'd that MySQL 8 isn't supported.Tim Graham
2019-01-04[1.11.x] Added CVE-2019-3498 to the security release archive.Tim Graham
Backport of 162ae9c9143aa85eb27ea69b446a28973eea4854 from master.
2019-01-03[1.11.x] Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in ↵Tom Hacohen
the default 404 page. Co-Authored-By: Tim Graham <timograham@gmail.com> Backport of 1ecc0a395be721e987e8e9fdfadde952b6dee1c7 from master.
2018-12-27[1.11.x] Fixed broken links to PyYAML page.CHI Cheng
Backport of b7dbd5ff68bb9d2235ca081c0bd0b8baa65f8c77 from master.
2018-12-05[1.11.x] Refs #30013 -- Doc'd that mysqlclient 1.3.14 and later isn't supported.Tim Graham
2018-12-03[1.11.x] Added release date for 1.11.17.Carlton Gibson
Backport of 950112548e61098f442d37a8ded4ef9f83ff8fda from master
2018-11-17[1.11.x] Removed usage of deprecated sphinx APIs.Tim Graham
Backport of cc4bb110d31f18d2931fd79d792d3ac09cce19e5 from master.
2018-11-17[1.11.x] Refs #28814 -- Documented Python 3.7 compatibility.Asif Saifuddin Auvi
Backport of 2f7cd7f8ecb01d30c1dfdaefa1c1714db76d2553 from master
2018-11-16[1.11.x] Fixed #29959 -- Cached GEOS version in WKBWriter class.Claude Paroz
Regression in f185d929fa1c0caad8c03fccde899b647d7248c6. Backport of e7e55059027ae2f644c852e0ba60dc9307b425e1 from master.
2018-11-16[1.11.x] Removed release date for 1.11.17.Tim Graham
Backport of 97cec6f75d9d9b86892829f784e5e9dabfd1242a from master.
2018-10-01[1.11.x] Added CVE-2018-16984 to the security release archive.Carlton Gibson
Backport of 0b3b7c4b0ab2567cfe5df3ac19563d4a59276cb1 and 92ccc3917058b1025b2d657ffdf3c21eb8009f7b from master
2018-10-01[1.11.x] Added stub release notes for 1.11.17 release.Carlton Gibson
Backport of 7040e638b960c122cd71eccac2b1bf2fe8d0f5da from master
2018-10-01[1.11.x] Added release date for 1.11.16.Carlton Gibson
Backport of d37ed40048b749c75f7f54ef8b96d8e738f10719 from master
2018-09-18[1.11.x] Refs #29759 -- Doc'd that cx_Oracle < 7 is required.Mariusz Felisiak
Backport of 7085247e2fd1ad8b08103173a23ca730784765a3 from stable/2.0.x
2018-08-04[1.11.x] Fixed #28540 -- Doc'd a change to file upload permissions in Django ↵Tim Graham
1.11. Behavior changed in f734e2d4b2fc4391a4d097b80357724815c1d414 (refs #27334). Backport of 89d4d412404d31ef34ae3170c0c056eff55b2a17 from master
2018-08-02[1.11.x] Fixed #29499 -- Fixed race condition in QuerySet.update_or_create().Michael Sanders
A race condition happened when the object didn't already exist and another process/thread created the object before update_or_create() did and then attempted to update the object, also before update_or_create() saved the object. The update by the other process/thread could be lost. Backport of 271542dad1686c438f658aa6220982495db09797 from master
2018-08-01[1.11.x] Added CVE-2018-14574 to the security release archive.Tim Graham
Backport of 0006538e53bf11d1de26801b13b78807354de2c8 from master
2018-07-25[1.11.x] Fixed CVE-2018-14574 -- Fixed open redirect possibility in ↵Andreas Hug
CommonMiddleware.
2018-07-24[1.11.x] Added stub release notes for security release.Tim Graham
2018-07-02[1.11.x] Added release date for 1.11.14.Carlton Gibson
Backport of 65df375c40dfe591b258f36709123abc6957fbd7 from master
2018-06-28[1.11.x] Fixed location of a few doc labels.Tim Graham
Backport of 1229687a0a261d05a72e6f189c1a9b0069b302e5 from master
2018-06-07[1.11.x] Fixed #28462 -- Decreased memory usage with ModelAdmin.list_editable.Adam Donaghy
Regression in 917cc288a38f3c114a5440f0749b7e5e1086eb36. Backport of b18650a2634890aa758abae2f33875daa13a9ba3 from master
2018-05-31[1.11.x] Fixed #29460 -- Added support for GEOS 3.6.Tim Graham
Backport of f185d929fa1c0caad8c03fccde899b647d7248c6 from master
2018-05-31[1.11.x] Added stub release notes for 1.11.14.Tim Graham
Backport of 8a6fcfdc77d84bd5cebf1e6a6dd65c64f9cb40b8 from master
2018-05-27[1.11.x] Fixed docs typo in HttpResponse.set_signed_cookie() signature.Osaetin Daniel
Backport of cd242d185bda9269913d4d101a7f704204ec907d from master
2018-05-27[1.11.x] Removed docs for obsolete ExceptionMiddleware.Daniel Hepper
Backport of a6fb5b1fe022c5279aa275c70b5193f2a2fac5fe from master
2018-05-01[1.11.x] Added release date for 1.11.13.Tim Graham
2018-04-18Revert "[1.11.x] Fixed #29174, #29175 -- Doc'd that f-strings and JavaScript ↵Carlton Gibson
template strings can't be translated." This reverts commit 8b4798c8d31b3cd9faab4caf11fca000b07f0181.
2018-04-18[1.11.x] Fixed #29174, #29175 -- Doc'd that f-strings and JavaScript ↵Tim Graham
template strings can't be translated. Backport of c3437f734d03d93f798151f712064394652cabed from master
2018-04-13[1.11.x] Fixed #29286 -- Fixed column mismatch crash with QuerySet.values() ↵Mariusz Felisiak
or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection(). Regression in a0c03c62a8ac586e5be5b21393c925afa581efaf. Thanks Tim Graham and Carlton Gibson for reviews. Backport of 0b66c3b442875627fa6daef4ac1e90900d74290b from master.
2018-04-12[1.11.x] Fixed #29296 -- Fixed crashes in admindocs when a view is a ↵Paul Donohue
callable object. Backport of 33a0b7ac815588ed92dca215e153390af8bdbdda from master
2018-04-11[1.11.x] Fixed #29193 -- Prevented unnecessary foreign key drops when ↵Jeremy Bowman
altering a unique field. Stopped dropping and recreating foreign key constraints on other fields in the same table as the one which is actually being altered in an AlterField operation. Regression in c3e0adcad8d8ba94b33cabd137056166ed36dae0. Backport of ee17bb8a67a9e7e688da6e6f4b3be1b3a69c09b0 from master
2018-04-10[1.11.x] Refs #28062 -- Doc'd PostgreSQL server-side cursors as a backwards ↵Tim Graham
incompatible change. Backport of 2919a08c20d5ae48e381d6bd251d3b0d400d47d9 from master