| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-07-29 | [2.2.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in ↵ | Florian Apolloner | |
| django.utils.encoding.uri_to_iri(). Thanks to Guido Vranken for initial report. | |||
| 2019-07-29 | [2.2.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵ | Florian Apolloner | |
| strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report. | |||
| 2019-07-29 | [2.2.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues ↵ | Florian Apolloner | |
| when truncating HTML. Thanks to Guido Vranken for initial report. | |||
| 2019-07-24 | [2.2.x] Fixed #30647 -- Fixed crash of autoreloader when extra directory ↵ | Tom Forbes | |
| cannot be resolved. Backport of fc75694257b5bceab82713f84fe5a1b23d641c3f from master. | |||
| 2019-07-23 | [2.2.x] Fixed #30506 -- Fixed crash of autoreloader when path contains null ↵ | Tom Forbes | |
| characters. Backport of 2ff517ccb6116c1be6338e6bdcf08a313defc5c7 from master. | |||
| 2019-06-26 | [2.2.x] Fixed #30588 -- Fixed crash of autoreloader when __main__ module ↵ | Tom Forbes | |
| doesn't have __file__ attribute. Backport of 8454f6dea49dddb821bfcb7569ea222bb487dfd1 from master | |||
| 2019-05-29 | [2.2.x] Fixed #30523 -- Fixed updating file modification times on seen files ↵ | Tom Forbes | |
| in auto-reloader when using StatReloader. Previously we updated the file mtimes if the file has not been seen before - i.e on the first iteration of the loop. If the mtime has been changed we triggered the notify_file_changed() method which in all cases except the translations will result in the process being terminated. To be strictly correct we need to update the mtime for either branch of the conditional. Regression in 6754bffa2b2df15a741008aa611c1bb0e8dff22b. Backport of 480492fe70b0bb7df61c00854dc8535c9d21ba64 from master | |||
| 2019-05-29 | [2.2.x] Fixed #30516 -- Fixed crash of autoreloader when re-raising ↵ | Tom Forbes | |
| exceptions with custom signature. Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca. Backport of 0344565179527d80990e2247e3be7c04aa8c43c8 from master | |||
| 2019-05-28 | [2.2.x] Fixed #30479 -- Fixed detecting changes in manage.py by autoreloader ↵ | Tom Forbes | |
| when using StatReloader. Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca. Backport of b2790f74d4f38c8b297b7c1cef6875d2378f6fa6 from master | |||
| 2019-04-29 | [2.2.x] Fixed #30323 -- Fixed detecting changes by autoreloader when using ↵ | Tom Forbes | |
| StatReloader. Backport of 6754bffa2b2df15a741008aa611c1bb0e8dff22b from master | |||
| 2019-04-26 | [2.2.x] Fixed #30361 -- Increased the default timeout of watchman client to ↵ | Jacob Green | |
| 5 seconds and made it customizable. Made the default timeout of watchman client customizable via DJANGO_WATCHMAN_TIMEOUT environment variable. Backport of ed3c59097a01ed3f32f8a8bed95307fb5c181251 from master | |||
| 2019-03-20 | [2.2.x] Fixed #30264 -- Fixed crash of test_parsing_year_less_than_70() on ↵ | Mariusz Felisiak | |
| 32-bit systems. Thanks Andreas Beckmann and Chris Lamb for the report. Backport of c9888bc8ecb8943ef08090e3325dcbdac825eafc from master | |||
| 2019-03-15 | [2.2.x] Cleaned up exception message checking in some tests. | Jon Dufresne | |
| Backport of 95b7699ffc4bdb32a504fccfd127f1b76a8a1d1c from master. | |||
| 2019-02-27 | [2.2.x] Refs #30179 -- Moved topological sort functions to django.utils. | Matthias Kestenholz | |
| Backport of e04209e181c99ac16ca769d115ac640015a83757 from master. | |||
| 2019-02-27 | [2.2.x] Fixed #30215 -- Fixed autoreloader crash for modules without __spec__. | shiningfm | |
| Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca. Backport of 99cfb28e995388db109e2f2ed15307f09945dda8 from master. | |||
| 2019-02-11 | [2.2.x] Fixed spelling mistakes in comments and tests. | Semen Zhydenko | |
| Backport of 255d6a26a8839180b495c75f256641415c516b6f from master. | |||
| 2019-02-11 | [2.2.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in ↵ | Carlton Gibson | |
| utils.numberformat.format(). Thanks Sjoerd Job Postmus for the report and initial patch. Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review. Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master | |||
| 2019-01-28 | [2.2.x] Fixed #25624 -- Fixed autoreload crash with jinja2.ModuleLoader. | Tom Forbes | |
| Backport of 1e92407f83ed35be35f876777935b983ab9587be from master. | |||
| 2019-01-16 | Fixed #20147 -- Added HttpRequest.headers. | Santiago Basulto | |
| 2019-01-13 | Fixed #27685 -- Added watchman support to the autoreloader. | Tom Forbes | |
| Removed support for pyinotify (refs #9722). | |||
| 2019-01-02 | Used 4 space hanging indent for dictionaries. | Tim Graham | |
| Thanks Mariusz Felisiak for auditing. | |||
| 2018-12-27 | Fixed #30024 -- Made urlencode() and Client raise TypeError when None is ↵ | Jon Dufresne | |
| passed as data. | |||
| 2018-11-27 | Switched TestCase to SimpleTestCase where possible in Django's tests. | Tim Graham | |
| 2018-11-19 | Fixed #29478 -- Added support for mangled names to cached_property. | Thomas Grainger | |
| Co-Authored-By: Sergey Fedoseev <fedoseev.sergey@gmail.com> | |||
| 2018-11-09 | Fixed #29920 -- Added a test for smart_urlquote()'s UnicodeError branch. | Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి) | |
| 2018-11-03 | Increased test coverage of django.utils.http. | Hasan Ramezani | |
| 2018-10-17 | Fixed #29838 -- Fixed crash when combining Q objects with __in lookups and ↵ | aspalding | |
| lists. Regression in fc6528b25ab1834be1a478b405bf8f7ec5cf860c. | |||
| 2018-10-17 | Refs #29838 -- Fixed make_hashable() for values that have lists or dicts ↵ | aspalding | |
| nested in tuples. And for non-hashable values that are iterable, e.g. sets. | |||
| 2018-10-17 | Moved make_hashable() to django.utils and added tests. | aspalding | |
| 2018-10-09 | Completed FixedOffset test coverage. | Hasan Ramezani | |
| 2018-09-28 | Refs #28909 -- Simplifed code using unpacking generalizations. | Sergey Fedoseev | |
| 2018-09-26 | Refs #29784 -- Switched to https:// links where available. | Jon Dufresne | |
| 2018-09-19 | Fixed #29772 -- Made LazyObject proxy __lt__() and __gt__(). | Javier Buzzi | |
| 2018-08-21 | Fixed #29654 -- Made text truncation an ellipsis character instead of three ↵ | Claude Paroz | |
| dots. Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review. | |||
| 2018-08-08 | Fixed #29643 -- Fixed crash when combining Q objects with __in lookups and ↵ | Mariusz Felisiak | |
| lists. Regression in fc6528b25ab1834be1a478b405bf8f7ec5cf860c. | |||
| 2018-08-07 | Refs #29244 -- Fixed django.utils.inspect.method_has_no_args() for bound ↵ | Josh Schneier | |
| methods. | |||
| 2018-08-07 | Renamed django.utils.inspect.func_has_no_args() to method_has_no_args(). | Josh Schneier | |
| 2018-08-02 | Refs #29600 -- Updated django.utils.datetime_safe now that Python 2 is ↵ | Tim Graham | |
| unsupported. | |||
| 2018-08-01 | Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. | Andreas Hug | |
| 2018-07-20 | Fixed #29412 -- Stopped marking slugify() result as HTML safe. | Claude Paroz | |
| 2018-07-19 | Fixed #29578 -- Made numberformat.format() honor forced l10n usage. | Claude Paroz | |
| Thanks Sassan Haradji for the report. | |||
| 2018-07-09 | Fixed #29546 -- Deprecated django.utils.timezone.FixedOffset. | Sergey Fedoseev | |
| 2018-07-09 | Fixed some assertTrue() that were intended to be assertEqual(). | Sergey Fedoseev | |
| 2018-07-09 | Made test for memoryview handling in force_bytes() more strict. | Sergey Fedoseev | |
| 2018-06-29 | Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string. | Przemysław Suliga | |
| 2018-06-28 | Refs #29514 -- Added test for get_default_timezone()/timezone.utc equality. | Carlton Gibson | |
| 2018-03-06 | Added more tests for django.utils.html.urlize(). | Tim Graham | |
| 2018-03-06 | Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in ↵ | Tim Graham | |
| django.utils.text.Truncator. Thanks James Davis for suggesting the fix. | |||
| 2018-03-06 | Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and ↵ | Tim Graham | |
| urlizetrunc template filters. Thanks Florian Apolloner for assisting with the patch. | |||
| 2018-02-10 | Added tests for utils.html.urlize() (lazy string inputs were untested). | Tim Graham | |
