summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2021-02-01[2.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via ↵Mariusz Felisiak
archive.extract(). Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews. Thanks Wang Baohua for the report. Backport of 05413afa8c18cdb978fcdf470e09f7a12b234a23 from master.
2021-01-02[2.2.x] Updated CVE URL.Tim Graham
Backport of 656b331b13e08e82bbf0b88d39080c5b1a02109c from master
2020-11-02[2.2.x] Set release date for 2.2.17.Carlton Gibson
Backport of 7fc07b9b2ba0c5c62a8840325d21b414a099fda0 from master
2020-10-13[2.2.x] Refs #31040 -- Doc'd Python 3.9 compatibility.Mariusz Felisiak
Backport of e18156b6c35908f2a4026287b5225a6a4da8af1a from master.
2020-10-06[2.2.x] Skipped GetImageDimensionsTests.test_webp when WEBP is not installed.Mariusz Felisiak
Bumped minimum Pillow version to 4.2.0 in test requirements. Backport of fce389af7cf95151118c9fc7cafd777a31f94946 from master
2020-09-01[2.2.x] Added CVE-2020-24583 & CVE-2020-24584 to security archive.Carlton Gibson
Backport of d5b526bf78a9e5d9760e0c0f7647622bf47782fe from master
2020-09-01[2.2.x] Added CVE-2020-13254 and CVE-2020-13596 to security archive.Carlton Gibson
Backport of 54975780ee2e4017844ecad94835fdce43d97377 from master
2020-09-01[2.2.x] Added release date for 2.2.16.Carlton Gibson
Backport of 976e2b7420c0f7e3060a13792b97511a9aad31d7 from master
2020-08-25[2.2.x] Fixed CVE-2020-24584 -- Fixed permission escalation in ↵Mariusz Felisiak
intermediate-level directories of the file system cache on Python 3.7+. Backport of f56b57976133129b0b351a38bba4ac882badabf0 from master.
2020-08-25[2.2.x] Fixed CVE-2020-24583, #31921 -- Fixed permissions on ↵Mariusz Felisiak
intermediate-level static and storage directories on Python 3.7+. Thanks WhiteSage for the report. Backport of ea0febbba531a3ecc8c77b570efbfb68ca7155db from master.
2020-08-13[2.2.x] Refs #31863 -- Added release notes for ↵Mariusz Felisiak
94ea79be137f3cb30949bf82198e96e094f2650d. Backport of 21768a99f47ee73a2f93405151550ef7c3d9c8a2 from master
2020-08-11[2.2.x] Fixed #31866 -- Fixed locking proxy models in ↵Daniel Hillier
QuerySet.select_for_update(of=()). Backport of 60626162f76f26d32a38d18151700cb041201fb3 from master
2020-08-11[2.2.x] Added stub release notes for 2.2.16.Mariusz Felisiak
Backport of 8a5683b6b2aede38edcff070686ed1fce470dec5 from master
2020-08-03[2.2.x] Added release date for 2.2.15.Mariusz Felisiak
Backport of b68b8cb89abb35ff2152175ea540619ec384b1f4 from master
2020-07-20[2.2.x] Fixed #31784 -- Fixed crash when sending emails on Python 3.6.11+, ↵Florian Apolloner
3.7.8+, and 3.8.4+. Fixed sending emails crash on email addresses with display names longer then 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+. Wrapped display names were passed to email.headerregistry.Address() what caused raising an exception because address parts cannot contain CR or LF. See https://bugs.python.org/issue39073 Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> Backport of 96a3ea39ef0790dbc413dde0a3e19f6a769356a2 from master.
2020-07-16[2.2.x] Fixed #31790 -- Fixed setting SameSite cookies flag in ↵Mariusz Felisiak
HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. Backport of 331324ecce1330dce3dbd1713203cb9a42854ad7 from stable/3.0.x
2020-07-03[2.2.x] Fixed #30945 -- Doc'd plural equations changes in 2.2. release notes.David Smith
Backport of 392036be29b759204cbc4033072672acacabf3f7 from master
2020-07-01[2.2.x] Added release date for 2.2.14.Mariusz Felisiak
Backport of 0f3aecf581b50215820455eb2f6a19a1b3b3ef8b from master.
2020-06-30[2.2.x] Refs #31751 -- Doc'd that cx_Oracle < 8 is required.Mariusz Felisiak
2020-06-10[2.2.x] Refs #31682 -- Doc'd minimal sqlparse version in Django 2.2.Mariusz Felisiak
Support for sqlparse < 0.2.2 was broken in 40b0a58f5ff949fba1072627e4ad11ef98aa7f36 because is_whitespace property was added in sqlparse 0.2.2. Backport of 4339f2aff272bceabd67e452c65bcfe0700b3f09 from master.
2020-06-10[2.2.x] Refs #30183 -- Doc'd dropping support for sqlparse < 0.2.2.Stephen Rauch
Support for sqlparse < 0.2.2 was broken in 782d85b6dfa191e67c0f1d572641d8236c79174c because is_whitespace property was added in sqlparse 0.2.2. Backport of 4b6db766ba4b613d317c87f87d1d63865b7424a4 from master.
2020-06-05[2.2.x] Fixed #31654 -- Fixed cache key validation messages.Mariusz Felisiak
Backport of 926148ef019abcac3a9988c78734d9336d69f24e from master.
2020-06-03[2.2.x] Fixed CVE-2020-13254 -- Enforced cache key validation in memcached ↵Dan Palmer
backends.
2020-06-03[2.0.x] Fixed CVE-2020-13596 -- Fixed potential XSS in admin ↵Jon Dufresne
ForeignKeyRawIdWidget.
2020-06-03[2.2.x] Added release date for 2.2.13.Carlton Gibson
Backport of 81dc710571b773557170cce9764fff83b6dfd8ae from master
2020-06-02[2.2.x] Refs #31485 -- Backported jQuery upgrade to 3.5.1.Carlton Gibson
2020-06-02[2.2.x] Fixed term warning on Sphinx 3.0.1+.Mariusz Felisiak
"term" role became case sensitive in Sphinx 3.0.1. Backport of cc70a0343ef51ffcc0b1211dd6e7abedc4b43ea6 from master
2020-06-02[2.2.x] Fixed highlightlang deprecation warning on Sphinx 1.8+.Mariusz Felisiak
Backport of 678f958ef972bf9be402332537149ca0884035ba from master
2020-06-02[2.2.x] Fixed CodeBlock deprecation warning on Sphinx 2.1+.Mariusz Felisiak
Backport of a4e4737cf36f3ba6f526587f2656cf4be64b91bf from master.
2020-06-02[2.2.x] Fixed Sphinx warnings on duplicate object descriptions.Mariusz Felisiak
Backport of 69e2cd6fed40f3ecf767609b80ad31f288446e48 from master.
2020-06-01[2.2.x] Fixed #31570 -- Corrected translation loading for apps providing ↵Carlton Gibson
territorial language variants with different plural equations. Regression in e3e48b00127c09eafe6439d980a82fc5c591b673. Thanks to Shai Berger for report, reproduce and suggested fix. Backport of dd1ca50b096bf0351819aabc862e91a9797ddaca from master.
2020-05-27[2.2.x] Updated expected release dates for 2.2.13.Carlton Gibson
Backport of 9d55ae00d3dad9e93714add69ab7e48e7b0bcafa from master
2020-05-14[2.2.x] Added stub release notes for 2.2.13.Mariusz Felisiak
Backport of 50798d43898c7d46926a4292f86fdf3859a433da from master
2020-04-01[2.2.x] Added release date for 2.2.12.Carlton Gibson
Backport of b56243b77f6ae3125bd1a3f24163b28a13a30c5f from master
2020-03-10[2.2.x] Fixed #30439 -- Added support for different plural forms for a language.Claude Paroz
Thanks to Michal Čihař for review. Backport of e3e48b00127c09eafe6439d980a82fc5c591b673 from master
2020-03-10[2.2.x] Added stub release notes for 2.2.12.Carlton Gibson
Backport of a4200e958d1da46465d7d684674a1711bc9f65e0 from master
2020-03-04[2.2.x] Fixed typo in docs/releases/1.11.29.txt.Mariusz Felisiak
Backport of 43f8ba1c7c0a264b67224c62b48fcd0dfdaddec3 from master
2020-03-04[2.2.x] Added CVE-2020-9402 to security archive.Mariusz Felisiak
Backport of f37f9a0bf061fd0dfe4e45adb39157c3307ec8e2 from master
2020-03-04[2.2.x] Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS ↵Mariusz Felisiak
functions and aggregates on Oracle. Thanks to Norbert Szetei for the report.
2020-02-18[2.2.x] Fixed #31282 -- Corrected RelatedManager docs for using ↵Carlton Gibson
add/remove/set with PKs. Backport of 3bbf9a489afc689eff2f4a0b84af196aa1ef51e7 from master
2020-02-11[2.2.x] Fixed #31246 -- Fixed locking models in ↵Abhijeet Viswa
QuerySet.select_for_update(of=()) for related fields and parent link fields with multi-table inheritance. Partly regression in 0107e3d1058f653f66032f7fd3a0bd61e96bf782. Backport of 1712a76b9dfda1ef220395e62ea87079da8c9f6c from master.
2020-02-10[2.2.x] Added stub release notes for 2.2.11.Mariusz Felisiak
Backport of 7e8339748cc199b4a13513891d9ac4f1e4794588 from master
2020-02-03[2.2.x] Added CVE-2020-7471 to security archive.Carlton Gibson
Backport of d8b2ccbbb846328a0938347dc70cb2e603164d9a from master
2020-01-26[2.2.x] Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.Simon Charette
2019-12-18[2.2.x] Added CVE-2019-19844 to the security archive.Mariusz Felisiak
Backport of 5a2b9f0b546222e928df91310acb9cf363a6c920 from master
2019-12-18[2.2.x] Fixed CVE-2019-19844 -- Used verified user email for password reset ↵Simon Charette
requests. Backport of 5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70 from master. Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-11[2.2.x] Refs #31073 -- Added release notes for ↵Mariusz Felisiak
02eff7ef60466da108b1a33f1e4dc01eec45c99d. Backport of ec12c37384798093e359971c8980fe0c68d555bc from master.
2019-12-02[2.2.x] Fixed #31006 -- Doc'd backslash escaping in date/time template filters.Ryan Cheley
Backport of a1f14ee3e5a2160c2eef1dad58a1da11be4b1531 from master
2019-12-02[2.2.x] Added CVE-2019-19118 to the security archive.Carlton Gibson
Backport of 900ea762e5d1342e84a645483d05b90e6d908f2d from master
2019-12-02[2.2.x] Removed issue reporter name from 2.1.15 and 2.2.8 release notes.Carlton Gibson
Backport of 368b8d20aaa16f0ef763759a0a87d986ef460584 from master