summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2019-09-02[2.1.x] Added release dates for 2.1.12 and 1.11.24.Mariusz Felisiak
Backport of 47f49adc11c0d39be3f41f92becc1f606c49d8ce from master.
2019-08-14[2.1.x] Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms ↵Mariusz Felisiak
on expressions with params. Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387. Thanks Florian Apolloner for the report and helping with tests. Backport of 1f8382d34d54061eddc41df6994e20ee38c60907 from master.
2019-08-01[2.1.x] Added CVE-2019-14235 to security release archive.Carlton Gibson
Backport of a5652eb795e896df0c0f2515201f35f9cd86b99b from master
2019-08-01[2.1.x] Added CVE-2019-14234 to security release archive.Carlton Gibson
Backport of 3a6a2f5eaf74200a9591a6311fdb0ea78ee305ee from master
2019-08-01[2.1.x] Added CVE-2019-14233 to security release archive.Carlton Gibson
Backport of 9600f63885d2d240f85d59bff6acbe200f890298 from master
2019-08-01[2.1.x] Added CVE-2019-14232 to the security release archive.Carlton Gibson
Backport of 87750787d1e464b7143f366d9485ba20fefc9c94 from master
2019-07-31[2.1.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in ↵Florian Apolloner
django.utils.encoding.uri_to_iri(). Thanks to Guido Vranken for initial report.
2019-07-31[2.1.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and ↵Mariusz Felisiak
index lookups against SQL injection. Thanks to Sage M. Abdullah for the report and initial patch. Thanks Florian Apolloner for reviews.
2019-07-29[2.1.X] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵Florian Apolloner
strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report.
2019-07-29[2.1.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues ↵Florian Apolloner
when truncating HTML. Thanks to Guido Vranken for initial report.
2019-07-25[2.1.x] Added stub release notes for security releases.Carlton Gibson
Backport of f13147c8de725eed7038941758469aeb9bd66503 from master
2019-07-01[2.1.x] Added CVE-2019-12781 to the security release archive.Mariusz Felisiak
Backport of 868cd56f058ca203419ad0886353173b74c3bcf1 from master
2019-07-01[2.1.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵Carlton Gibson
SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
2019-07-01[2.1.x] Added stub release notes for security releases.Mariusz Felisiak
Backport of 30b3ee9d0b33bb440f9c73d1ce9e0e7303887a9f from master
2019-06-03[2.1.x] Added CVE-2019-12308 to the security release archive.Nick Pope
Backport of 21b1d239125f1228e579b1ce8d94d4d5feadd2a6 from master
2019-06-03[2.1.x] Added CVE-2019-11358 to the security release archive.Nick Pope
Backport of 8fb0ea55830321852a4a051a478f78e24d4f6889 from master
2019-06-03[2.1.x] Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes.Mariusz Felisiak
Backport of 100ec901aebebe56b61f101af38a228414098dd5 from master
2019-06-03[2.1.x] Applied jQuery patch for CVE-2019-11358.Carlton Gibson
Backport of 34ec52269ade54af31a021b12969913129571a3f from master.
2019-06-03[2.1.x] Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before ↵Carlton Gibson
rendering clickable link. Backport of deeba6d92006999fee9adfbd8be79bf0a59e8008 from master.
2019-06-03[2.1.x] Added stub release notes for security releases.Carlton Gibson
Backport of 98c0fe19ee2cba9726708ac9336e1dc0d43cca69 from master
2019-04-07[2.1.x] Refs #27807 -- Removed docs for User.username_validator.Tim Graham
The new override functionality claimed in refs #21379 doesn't work. Forwardport of 714fdbaa7048c2321f6238d9421137c33d9af7cc from stable/1.10.x.
2019-04-05[2.1.x] Refs #30331 -- Doc'd that psycopg2 < 2.8 is required.Mariusz Felisiak
2019-03-30[2.1.x] Fixed #30289 -- Prevented admin inlines for a ManyToManyField's ↵Tim Graham
implicit through model from being editable if the user only has the view permission. Backport of 8335d59200e4c64dfe3348ea93989d95e0107439 from master.
2019-03-30[2.1.x] Added stub 2.1.8 release notes.Tim Graham
Backport of e245046bb6e8b32360aa48b8a41fb7050f0fc730 from master
2019-03-21[2.1.x] Fixed #30277 -- Fixed broken links to packaging.python.org.Tim Graham
Backport of 8f1cc7e9e61758475ddd6586e0fede4af1ca0e8d from master.
2019-02-28[2.1.x] Clarified permission-related docs.Tobias Bengfort
Backport of 632d4861ddb99a2c9d11642fcfa4ad542b427d6b from master
2019-02-25[2.1.x] Refs #29683 -- Updated multi-db docs for view permission.Tim Graham
Backport of 50f09264ae8ab04824fcc6554e8c184378ad2f81 from master
2019-02-25[2.1.x] Fixed documentation of database representation for ManyToManyField.Mariusz Felisiak
Backport of b0799f5d86b6c0ccb1dcba6e0d2eee336f7f5928 from master
2019-02-16[2.1.x] Fixed #30187 -- Moved "install Django" command to a console box.Mariusz Felisiak
Backport of edec11ce86a1a0d9e4c5a2a0df6acaf655041c24 from master.
2019-02-11[2.1.x] Added CVE-2019-6975 to the security release archive.Tim Graham
Backport of d6e5aad5c7eba3d8061c09902de16cd2b22619af from master.
2019-02-11[2.1.x] Refs #30177 -- Forwardported 2.0.13 release notes.Tim Graham
Backport of 1b8f552b08eb7642be598ba7512e7eaecefbdc6d from master.
2019-02-11[2.1.x] Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 ↵Carlton Gibson
releases. Backport of b39bd0aa6d5667d6bbcf7d349a1035c676e3f972 from master
2019-02-11[2.1.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in ↵Carlton Gibson
utils.numberformat.format(). Thanks Sjoerd Job Postmus for the report and initial patch. Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review. Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master
2019-02-08[2.1.x] Removed extra characters in docs header underlines.Mariusz Felisiak
Backport of 25829197bb94585e94695360065ac614aa9e6a56 from master
2019-02-07[2.1.x] Added stub release notes for security releases.Carlton Gibson
Backport of 5cc6f02f91e8860c867cc68cf42e66b5bb54c63d from master
2019-02-04[2.1.x] Fixed duplicate word in docs/releases/2.0.txt.Daniel Hahler
Backport of fdc4518fe296c169cf54f23fdad2e0fc8785c059 from master.
2019-02-01[2.1.x] Used extlinks for GitHub commits.Tim Graham
Backport of c34c6d0a2fc6d9bc55fb2db94b9ed40141babb15 from master.
2019-01-31[2.1.x] Corrected output of Prefetch.to_attr example.Sergey Fedoseev
Backport of ba7a420012799b26ec9e969d0276d2ccee93c1f5 from master.
2019-01-11[2.1.x] Fixed #30097 -- Made 'obj' arg of ↵MaximZemskov
InlineModelAdmin.has_add_permission() optional. Restored backwards compatibility after refs #27991. Regression in be6ca89396c031619947921c81b8795d816e3285. Backport of 3c01fe30f3dd4dc1c8bb4fec816bd277d1ae5fa6 from master.
2019-01-08[2.1.x] Added stub 2.1.6 release notes.Tim Graham
Backport of 36fceeec883c5082168714a0eb14a2fe40f9d79b from master.
2019-01-04[2.1.x] Added CVE-2019-3498 to the security release archive.Tim Graham
Backport of 162ae9c9143aa85eb27ea69b446a28973eea4854 from master.
2019-01-03[2.1.x] Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in ↵Tom Hacohen
the default 404 page. Co-Authored-By: Tim Graham <timograham@gmail.com> Backport of 1ecc0a395be721e987e8e9fdfadde952b6dee1c7 from master.
2019-01-02[2.1.x] Fixed typo in docs/ref/migration-operations.txt.Jozef
Backport of 5bbf31634faad13658dc7bcaeb8139d8625e4349 from master.
2019-01-01[2.1.x] Fixed #30050 -- Fixed InlineModelAdmin.has_change_permission() ↵Tim Graham
called with non-None obj during add. Thanks andreage for the report and suggested fix. Backport of 02c07be95c47efaab9da7422c33ee76142f11336 from master.
2018-12-29[2.1.x] Added examples to HttpRequest.build_absolute_uri() docs.Adam Johnson
Backport of b71e3d635a5731ec02469822694d06d964007f9b from master.
2018-12-27[2.1.x] Updated OWASP Top 10 link to the latest version.Vedran Karačić
Backport of 293db9eb36e42e8ba976c2639800020d04b95deb from master.
2018-12-27[2.1.x] Fixed broken links to PyYAML page.CHI Cheng
Backport of b7dbd5ff68bb9d2235ca081c0bd0b8baa65f8c77 from master.
2018-12-24[2.1.x] Added import locations to contrib.postgres aggregates and validators ↵Marten Kenbeek
docs. Backport of 7a6dbbb655850bff56cd717a3bfa0975e200d15f from master.
2018-12-20[2.1.x] Fixed #30015 -- Ensured request body is properly consumed for ↵Konstantin Alekseev
keep-alive connections. Backport of b514dc14f4e1c364341f5931b354e83ef15ee12d and bbe28fa07658f00786dc1d91ee281b4daac22d07 from master.
2018-12-17[2.1.x] Fixed #30023 -- Prevented SQLite schema alterations while foreign ↵Simon Charette
key checks are enabled. Prior to this change foreign key constraint references could be left pointing at tables dropped during operations simulating unsupported table alterations because of an unexpected failure to disable foreign key constraint checks. SQLite3 does not allow disabling such checks while in a transaction so they must be disabled beforehand. Thanks ezaquarii for the report and Carlton and Tim for the review. Backport of 315357ad25a6590e7f4564ec2e56a22132b09001 from master.