| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-01-13 | [1.4.x] Bumped version for 1.4.18 release.1.4.18 | Tim Graham | |
| 2015-01-13 | [1.4.x] Added dates to release notes. | Tim Graham | |
| 2015-01-05 | [1.4.x] Prevented views.static.serve() from using large memory on large files. | Tim Graham | |
| This is a security fix. Disclosure following shortly. | |||
| 2015-01-05 | [1.4.x] Fixed is_safe_url() to handle leading whitespace. | Tim Graham | |
| This is a security fix. Disclosure following shortly. | |||
| 2015-01-05 | [1.4.x] Stripped headers containing underscores to prevent spoofing in WSGI ↵ | Carl Meyer | |
| environ. This is a security fix. Disclosure following shortly. Thanks to Jedediah Smith for the report. | |||
| 2015-01-05 | [1.4.x] Added stub release notes for security releases. | Tim Graham | |
| 2015-01-05 | [1.4.x] Fixed #24081 -- Downgraded six to 1.8.0. | Tim Graham | |
| This reverts commit a25c444bc701b496f2b05f57fc3ec42cdac9dd85. six 1.9+ requires Python 2.6 so this commit restores Python 2.5 compatibility. | |||
| 2015-01-02 | [1.4.x] Bumped version for 1.4.17 release.1.4.17 | Tim Graham | |
| 2015-01-02 | [1.4.x] Added dates to release notes. | Tim Graham | |
| Backport of 15cd71ed24945ff7be5716580603fd65c0d45ef7 from master | |||
| 2015-01-02 | [1.4.x] Updated six to 1.9.0. | Tim Graham | |
| Backport of 52f0b2b62262743d5f935ddae29428e661b5d8ea from master | |||
| 2014-11-25 | [1.4.x] Fixed #23754 -- Always allowed reference to the primary key in the admin | Simon Charette | |
| This change allows dynamically created inlines "Add related" button to work correcly as long as their associated foreign key is pointing to the primary key of the related model. Thanks to amorce for the report, Julien Phalip for the initial patch, and Collin Anderson for the review. Backport of f9c4e14aeca7df79991bca8ac2d743953cbd095c from master | |||
| 2014-11-04 | [1.4.x] Updated six to 1.8.0. | Tim Graham | |
| Backport of 81477c91f6 from master | |||
| 2014-10-22 | [1.4.x] Bump version numbers for bugfix release.1.4.16 | James Bennett | |
| 2014-10-22 | [1.4.x] Added release dates to release notes. | Tim Graham | |
| Backport of 9dc782b631 from master | |||
| 2014-10-10 | [1.4.x] Fixed #23631 -- Removed outdated note on MySQL timezone support. | Tim Graham | |
| Thanks marfire for the report. Backport of 9db3653670 from master | |||
| 2014-10-06 | [1.4.x] Fixed #23604 -- Allowed related m2m fields to be references in the ↵ | Emmanuelle Delescolle | |
| admin. Thanks Simon Charette for review. Backport of a24cf21722 from master | |||
| 2014-09-17 | [1.4.x] Fixed #23499 -- Error in built-in template tag "now" documentation | Joseph Dougherty | |
| Backport of ab8248361e0a7b4fc7684eaaa5891e16b8562683 from master. | |||
| 2014-09-11 | [1.4.x] Fixed #20036 -- Improved GEOS version string parsing | Claude Paroz | |
| Thanks chikiro.spam at gmail.com for the report. | |||
| 2014-09-08 | [1.4.x] Fixed #23431 -- Allowed inline and hidden references to admin fields. | Simon Charette | |
| This fixes a regression introduced by the 53ff096982 security fix. Thanks to @a1tus for the report and Tim for the review. refs #23329. Backport of 342ccbd from master | |||
| 2014-09-02 | [1.4.x] Added dates to release notes. | Tim Graham | |
| Backport of 0fd23545db from master | |||
| 2014-09-02 | [1.4.x] Bump version numbers for bugfix release.1.4.15 | James Bennett | |
| 2014-08-27 | [1.4.x] Fixed #23329 -- Allowed inherited and m2m fields to be referenced in ↵ | Simon Charette | |
| the admin. Thanks to Trac alias Markush2010 and ross for the detailed reports. Backport of 3cbb759 from master | |||
| 2014-08-26 | [1.4.x] Fixed spelling mistake in file docs. | Tim Graham | |
| Backport of a3e88e64a4 from master | |||
| 2014-08-20 | [1.4.x] Added dates to release notes. | Tim Graham | |
| 2014-08-20 | [1.4.x] Bump version numbers for security release.1.4.14 | James Bennett | |
| 2014-08-11 | [1.4.x] Prevented data leakage in contrib.admin via query string manipulation. | Simon Charette | |
| This is a security fix. Disclosure following shortly. | |||
| 2014-08-11 | [1.4.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on ↵ | Preston Holmes | |
| REMOTE_USE change. This is a security fix. Disclosure following shortly. | |||
| 2014-08-11 | [1.4.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file ↵ | Tim Graham | |
| names. This is a security fix. Disclosure following shortly. | |||
| 2014-08-11 | [1.4.x] Prevented reverse() from generating URLs pointing to other hosts. | Florian Apolloner | |
| This is a security fix. Disclosure following shortly. | |||
| 2014-08-11 | [1.4.x] Added release note stub for 1.4.14. | Tim Graham | |
| 2014-08-11 | [1.4.x] Added a warning that remove_tags() output shouldn't be considered safe. | Tim Graham | |
| Backport of 7efce77de2 from master | |||
| 2014-08-08 | [1.4.x] Noted that django-jython requires Django 1.7. | Tim Graham | |
| Backport of 72e98d5c16 from stable/1.6.x | |||
| 2014-08-06 | [1.4.x] Fixed #23239 -- Clarified a phrase in the contrib.markup docs. | Tim Graham | |
| Backport of e0fb48c254 from stable/1.5.x | |||
| 2014-08-02 | [1.4.x] Fixed #23149 -- Clarified note on HTTPOnly in cookie-based session docs | Erik Romijn | |
| Backport of e26366da44bb343e7a95d01ff0dd18b8026c2802 from master. | |||
| 2014-06-18 | [1.4.x] Fixed #22859 -- Improved crossDomain technique in CSRF example. | Tim Graham | |
| Thanks flisky for the report. Backport of 0be4d64487 from master | |||
| 2014-05-15 | [1.4.x] Minor edits to latest release notes. | Tim Graham | |
| Backport of 860d31ac7a3bdd4b27db8b34b110b3d801ddaf8a from master | |||
| 2014-05-14 | Bumped version numbers for release.1.4.13 | Jacob Kaplan-Moss | |
| 2014-05-14 | Added release notes for 1.4.13. | Jacob Kaplan-Moss | |
| 2014-04-28 | [1.4.x] Added dates to release notes of today's release. | Tim Graham | |
| Backport of 68d264059abb21b96c4fe68bf4d99520268a451c from master | |||
| 2014-04-28 | [1.4.x] Bump version numbers for 1.4.12 bugfix release.1.4.12 | James Bennett | |
| 2014-04-23 | [1.4.x] Fixed #22486 -- Restored the ability to reverse views created using ↵ | Tim Graham | |
| functools.partial. Regression in 8b93b31. Thanks rcoup for the report. Backport of 3c06b2f2a3 from master | |||
| 2014-04-21 | [1.4.x] Bump version numbers for 1.4.11 security release.1.4.11 | James Bennett | |
| 2014-04-21 | [1.4.x] Added information on resolved security issues to release notes. | Erik Romijn | |
| Backport of c07f3e60c2d455e36ba4ac339d4283d32bbc3814 from master | |||
| 2014-04-21 | [1.4.x] Fixed queries that may return unexpected results on MySQL due to ↵ | Erik Romijn | |
| typecasting. This is a security fix. Disclosure will follow shortly. Backport of 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307 from master | |||
| 2014-04-21 | [1.4.x] Corrected the section identifier for MySQL unicode reference. | Matt Lauber | |
| Backport of b2514c02e1 from master | |||
| 2014-03-24 | [1.4.x] Updated six to 1.6.1. | Tim Graham | |
| Backport of 2ec82c7387db071278201796208808de84c90dbf from master | |||
| 2014-03-22 | [1.4.x] Clarified striptags documentation | Claude Paroz | |
| The fact that striptags cannot guarantee to really strip all non-safe HTML content was not clear enough. Also see: https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/ Partial backport (doc-only) of 6ca6c36f82 from master. | |||
| 2014-03-05 | [1.4.x] Fixed #21195 -- Clarifed usage of template_name in tutorial part 4. | Tim Graham | |
| Backport of b66a51ad545ac726ef98966cbc35ee7aefdff8cd from master. | |||
| 2014-01-26 | [1.4.x] Added release note stub for 1.4.11. | Tim Graham | |
| Backport of dfa28981ce from master. | |||
| 2014-01-24 | [1.4.x] Fixed #21869 -- Fixed docs building with Sphinx 1.2.1. | Tim Graham | |
| Thanks tragiclifestories for the report. Backport of e1d18b9d2e from master | |||
