| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-01-04 | [2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in ↵ | Florian Apolloner | |
| UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2020-10-07 | [2.2.x] Refs #31040 -- Fixed crypt.crypt() call in test_hashers.py. | Mariusz Felisiak | |
| An empty string is invalid salt in Python 3 and raises exception since Python 3.9, see https://bugs.python.org/issue38402. Backport of 1960d55f8baa412b43546d15a8342554808fff57 from master | |||
| 2019-12-18 | [2.2.x] Fixed CVE-2019-19844 -- Used verified user email for password reset ↵ | Simon Charette | |
| requests. Backport of 5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70 from master. Co-Authored-By: Florian Apolloner <florian@apolloner.eu> | |||
| 2019-12-02 | Fixed CVE-2019-19118 -- Required edit permissions on parent model for ↵ | Carlton Gibson | |
| editable inlines in admin. Thank you to Shen Ying for reporting this issue. | |||
| 2019-11-29 | [2.2.x] Fixed #31021 -- Fixed proxy model permissions data migration crash ↵ | Mariusz Felisiak | |
| with a multiple databases setup. Regression in 98296f86b340c8c9c968375d59f1d3a3479e60c2. Backport of e8fcdaad5c428878d0a5d6ba820d957013f75595 from master | |||
| 2019-04-27 | [2.2.x] Fixed #30351 -- Handled pre-existing permissions in proxy model ↵ | Carlton Gibson | |
| permissions data migration. Regression in 181fb60159e54d442d3610f4afba6f066a6dac05. Backport of 98296f86b340c8c9c968375d59f1d3a3479e60c2 from master | |||
| 2019-03-15 | [2.2.x] Cleaned up exception message checking in some tests. | Jon Dufresne | |
| Backport of 95b7699ffc4bdb32a504fccfd127f1b76a8a1d1c from master. | |||
| 2019-01-16 | Fixed #11154, #22270 -- Made proxy model permissions use correct content type. | Arthur Rio | |
| Co-Authored-By: Simon Charette <charette.s@gmail.com> Co-Authored-By: Antoine Catton <acatton@fusionbox.com> | |||
| 2019-01-10 | Refs #28478 -- Deprecated TestCase's allow_database_queries and multi_db in ↵ | Simon Charette | |
| favor of databases. | |||
| 2019-01-09 | Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user(). | Joshua Cannon | |
| 2018-12-31 | Updated test URL patterns to use path() and re_path(). | Tim Graham | |
| 2018-12-21 | Added tests for ContentType/Group/Permission.__str__(). | Tim Graham | |
| 2018-11-27 | Made reused RequestFactory instances class attributes. | Simon Charette | |
| 2018-11-27 | Switched setUp() to setUpTestData() where possible in Django's tests. | Simon Charette | |
| 2018-11-27 | Switched TestCase to SimpleTestCase where possible in Django's tests. | Tim Graham | |
| 2018-11-15 | Fixed #29952 -- Lowercased all passwords in contrib.auth's ↵ | Mathew Payne | |
| auth/common-passwords.txt.gz. | |||
| 2018-10-10 | Refs #27795 -- Removed force_bytes() usage from django/utils/http.py. | Jon Dufresne | |
| django.utils.http.urlsafe_base64_encode() now returns a string, not a bytestring. Since URLs are represented as strings, urlsafe_base64_encode() should return a string. All uses immediately decoded the bytestring to a string anyway. As the inverse operation, urlsafe_base64_decode() accepts a string. | |||
| 2018-10-01 | Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin ↵ | Tim Graham | |
| user change form. | |||
| 2018-10-01 | Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" ↵ | Carlton Gibson | |
| users. Thanks Claude Paroz & Tim Graham for collaborating on the patch. | |||
| 2018-09-26 | Fixed #29782 -- Added better error message when filtering queryset with ↵ | Ramon Saraiva | |
| AnonymousUser. | |||
| 2018-09-26 | Refs #29784 -- Switched to https:// links where available. | Jon Dufresne | |
| 2018-09-25 | Added a test for password_changed() with a custom validator. | Alexey | |
| 2018-08-18 | Simplified how createsuperuser tests generate passwords. | Josh Schneier | |
| 2018-08-17 | Fixed #29686 -- Made UserAdmin.user_change_password() pass user to ↵ | Alexander Todorov | |
| has_change_permission(). | |||
| 2018-08-05 | Fixed #29616 -- Fixed createsuperuser for user models that don't have a ↵ | Josh Schneier | |
| password field. | |||
| 2018-08-04 | Fixed #29628 -- Made createsuperuser validate password against username and ↵ | Josh Schneier | |
| required fields. | |||
| 2018-07-02 | Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms ↵ | Tim Graham | |
| without installing contrib.auth." This reverts commit 3333d935d2914cd80cf31f4803821ad5c0e2a51d due to a crash if USERNAME_FIELD isn't a CharField. | |||
| 2018-06-20 | Refs #27398 -- Simplified some tests with assertRedirects(). | Tim Graham | |
| 2018-06-20 | Fixed #27398 -- Added an assertion to compare URLs, ignoring the order of ↵ | Jan Pieter Waagmeester | |
| their query strings. | |||
| 2018-06-07 | Added a missing test for createsuperuser management command. | Hasan Ramezani | |
| 2018-06-03 | Fixed #10827 -- Ensured ContentTypes are created before permission creation. | Claude Paroz | |
| 2018-05-29 | Fixed #28044 -- Unified the logic for createsuperuser's interactive and ↵ | Dohyeon Kim | |
| --noinput modes. | |||
| 2018-05-27 | Added test for createsuperuser's handling of KeyboardInterrupt. | Hasan Ramezani | |
| 2018-05-17 | Increased the default PBKDF2 iterations for Django 2.2. | Tim Graham | |
| 2018-05-16 | Fixed #8936 -- Added a view permission and a read-only admin. | olivierdalang | |
| Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz> Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com> | |||
| 2018-05-13 | Increased the default PBKDF2 iterations for Django 2.1. | Tim Graham | |
| 2018-05-07 | Replaced django.test.utils.patch_logger() with assertLogs(). | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2018-04-19 | Fixed #29212 -- Doc'd redirect loop if @permission_required used with ↵ | Nick Pope | |
| redirect_authenticated_user. | |||
| 2018-04-04 | Added additional AdminPasswordChangeForm tests. | Mads Jensen | |
| 2018-03-29 | Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded. | Malte Gerth | |
| 2018-03-28 | Fixed #29258 -- Added type checking for login()'s backend argument. | Abeer Upadhyay | |
| 2018-03-22 | Fixed #28718 -- Allowed user to request a password reset if their password ↵ | Tim Graham | |
| doesn't use an enabled hasher. Regression in aeb1389442d0f9669edf6660b747fd10693b63a7. Reverted changes to is_password_usable() from 703c266682be39f7153498ad0d8031231f12ee79 and documentation changes from 92f48680dbd2e02f2b33f6ad0e35b7d337889fb2. | |||
| 2018-03-16 | Fixed hanging indentation in various code. | Mariusz Felisiak | |
| 2018-03-15 | Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a ↵ | Mattia Procopio | |
| non-UUID where one is expected. | |||
| 2018-03-02 | Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if ↵ | Christophe Mehay | |
| username isn't a string. | |||
| 2018-02-26 | Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. | Tim Graham | |
| 2018-02-21 | Fixed #29132 -- Avoided connecting update_last_login() handler if ↵ | Mikhail Porokhovnichenko | |
| User.last_login isn't a field. | |||
| 2018-02-16 | Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users. | Dylan Verheul | |
| 2018-02-07 | Refs #27795 -- Removed force_bytes/text() usage in tests. | Tim Graham | |
| 2018-02-01 | Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm. | Tim Graham | |
| Reverted 359370a8b8ca0efe99b1d4630b291ec060b69225 (refs #28645). This is a security fix. | |||
