summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-02-19[1.3.x] Bump version numbers for security release.1.3.6James Bennett
2013-02-19[1.3.x] Update 1.3.6 release notes for all security fixes.Carl Meyer
2013-02-12[1.3.x] Added a default limit to the maximum number of forms in a formset.Aymeric Augustin
This is a security fix. Disclosure and advisory coming shortly.
2013-02-12[1.3.x] Checked object permissions on admin history view.Carl Meyer
This is a security fix. Disclosure and advisory coming shortly. Patch by Russell Keith-Magee.
2013-02-12[1.3.x] Restrict the XML deserializer to prevent network and ↵Carl Meyer
entity-expansion DoS attacks. This is a security fix. Disclosure and advisory coming shortly.
2013-02-12[1.3.x] Added ALLOWED_HOSTS setting for HTTP host header validation.Carl Meyer
This is a security fix; disclosure and advisory coming shortly.
2012-12-10[1.3.X] Fixed a test failure in the comment tests.Florian Apolloner
Backport of 1eb0da1c5ba3096f218d1df13d02a2b8e1ac7a36 from master.
2012-12-10[1.3.x] Bump version numbers for security release.1.3.5James Bennett
2012-12-03[1.3.X] Fixed a security issue in get_host.Florian Apolloner
Full disclosure and new release forthcoming.
2012-11-17[1.3.X] Fixed #18856 -- Ensured that redirects can't be poisoned by ↵Florian Apolloner
malicious users.
2012-10-18Added missed poisoned host header test materialPreston Holmes
2012-10-17[1.3.x] Bump version numbers for security release.1.3.4James Bennett
2012-10-17Fixed a security issue related to password resetsPreston Holmes
Full disclosure and new release are forthcoming backport from master
2012-08-01[1.3.x] Bump version numbers for bugfix release.1.3.3James Bennett
2012-08-01[1.3.x] Fixed #18692 -- Restored python 2.4 compatibility.Florian Apolloner
Thanks to chipx86 for the report.
2012-07-30[1.3.x] Use correct download URL.1.3.2James Bennett
2012-07-30[1.3.x] Bump version numbers for security releases.James Bennett
2012-07-30[1.3.x] Fixed a security issue in http redirects. Disclosure and new release ↵Florian Apolloner
forthcoming. Backport of 4129201c3e0fa057c198bdefcb34686a23b4a93c from master.
2012-07-30[1.3.x] Fixed second security issue in image uploading. Disclosure and ↵Florian Apolloner
release forthcoming. Backport of b1d463468694f2e91fde67221b7996e9c52a9720 from master.
2012-07-30[1.3.x] Fixed a security issue in image uploading. Disclosure and release ↵Florian Apolloner
forthcoming. Backport of dd16b17099b7d86f27773df048c5014cf439b282 from master.
2012-05-28Reverted "[1.3.x] Fixed #18135 -- Close connection used for db version checking"Anssi Kääriäinen
This reverts commit a15d3b58d8c4cbb6137f0458544ec03f3394bb08. Django 1.3.x is in security fixes only state, and this wasn't a security issue.
2012-05-27[1.3.x] Fixed #18135 -- Close connection used for db version checkingMichael Newman
On MySQL when checking the server version, a new connection could be created but never closed. This could result in open connections on server startup. Backport of 4423757c0c50afbe2470434778c8d5e5b4a70925.
2012-03-31[1.3.X] Fixed #17972 -- Ensured that admin filters on a foreign key respect ↵Julien Phalip
the to_field attribute. This fixes a regression introduced in [14674] and Django 1.3. Thanks to graveyboat and Karen Tracey for the report. Backport of r17854 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17857 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-25[1.3.X] Fixed #17634 -- Optimized the performance of MultiValueDict by using ↵Aymeric Augustin
append instead of copy and by minimizing the number of dict lookups. Backport of r17464 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17807 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-24[1.3.X] Avoided a test failure if the settings module used to run the test ↵Aymeric Augustin
suite is called "test_settings". The globbing feature and this test were removed in 1.4. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17806 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-24[1.3.x] Fixed #16481 -- Adapted one raw SQL query in cull implementation of ↵Aymeric Augustin
the database-based cache backend so it works with Oracle. Backport of r16635 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17805 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-24[1.3.X] Fixed #16677 -- Fixed the future version of the ssi template tag to ↵Aymeric Augustin
work with template file names that contain spaces. Backport of r16687 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-24[1.3.X] Fixed #16812 -- Percent-encode URLs in verify_exists, to fix test ↵Aymeric Augustin
failures on Python 2.5 and 2.6. Backport of r16838 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17803 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17[1.3.X] Fixed #17488 -- This test passed in 2011 only because 2012-01-01 is ↵Ramiro Morales
a Sunday. Thanks Florian Apolloner for the report and patch. Fixes #17912. Thanks Julien for the report. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17759 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-16[1.3.X] Fixed #17841 -- Clarified caching note about authentication ↵Claude Paroz
backends. Thanks auzigog for the proposal and lukegb for the patch. Backport of r17752 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17753 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-16[1.3.X] Fixed #17908 -- Made some `contrib.markup` tests be skipped so they ↵Julien Phalip
don't fail on old versions of Markdown. Thanks to Preston Holmes for the patch. Backport of r17749 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17750 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-16[1.3.X] Ensured that some staticfiles tests get properly cleaned up on ↵Julien Phalip
teardown. Thanks to Claude Paroz for the patch. Backport of r17747 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17748 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-15[1.3.X] Fixed #17900 -- StreamHandler output defaults to stderr. Thanks ↵Claude Paroz
c4m3lo for the report. Backport of r17741 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17742 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14[1.3.X] Fixed #17837. Improved markdown safety.Paul McMillan
Markdown enable_attributes is now False when safe_mode is enabled. Documented the markdown "safe" argument. Added warnings when the safe argument is passed to versions of markdown which cannot be made safe. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17734 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14[1.3.X] Updated some outdated external URLs in docs.Claude Paroz
Backport of r17710 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17711 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-13Fixed #17584 -- Updated create_template_postgis-debian.sh script for ↵Claude Paroz
PostgreSQL 9.1 installs. Thanks akaihola for the initial patch. Backport of r17706 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-12[1.3.X] Fixed the localization docs a little to point to the correct ↵Jannis Leidel
Transifex URL. Also reworded it a bit to follow the site's new UI. Backport from trunk (r17690). git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-01[1.3.X] Fixed #17737 -- Stopped the collectstatic management command from ↵Jannis Leidel
copying the wrong file in repeated runs. Thanks, pigletto. Backport from trunk (r17612). git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17613 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-01[1.3.X] Fixed broken link to python-markdown in contrib.markup docs.Carl Meyer
Backport of r17608 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-25[1.3.X] Fixed #17743 - Typo in topics/i18n/index.txtTimo Graham
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17587 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-24[1.3.X] Fixed #17757 - Typo in docs/intro/overview.txt; thanks kaushik1618.Timo Graham
Backport of r17584 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17585 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-24[1.3.X] Fixed #17749 - Documented better way of overriding ModelAdmin; ↵Timo Graham
thanks chrisdpratt and claudep. Backport of r17582 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17583 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-22[1.3.X] Don't let ALLOWED_INCLUDE_ROOTS be accidentally set to a string ↵Chris Beaven
rather than a tuple. Backport of r17571 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17572 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-20[1.3.X] Fixed #16758 - Added a warning regarding overriding default ↵Timo Graham
settings; thanks cyclops for the suggestion & Aymeric Augustin for the patch. Backport of r17566 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17567 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-20[1.3.X] Fixed #17390 - Added a note to topics/auth.txt regarding how to ↵Timo Graham
decorate class-based generic views; thanks zsiciarz for the patch. Backport of r17564 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17565 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-19[1.3.X] Fixed #17319 -- Made the example for set_language less error-prone. ↵Aymeric Augustin
Backport of r17560 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17561 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-19[1.3.X] Fixed #17166 -- Documented how FIXTURE_DIRS works in the inital data ↵Aymeric Augustin
how-to, and edited related bits in the settings reference. Backport of r17558 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17559 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-19[1.3.X] Fixed #17316 -- Mentionned that the MultipleProxyMiddleware provided ↵Aymeric Augustin
as an example must run rather early. Backport of r17556 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17557 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-19[1.3.X] Fixed #16452 -- Clarified that the DATE/DATETIME/TIME_INPUT_FORMATS ↵Aymeric Augustin
settings have no effect when USE_L10N is True. Backport of r17554 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17555 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-19[1.3.X] Fixed #17573 -- Documented MySQL's switch to InnoDB as default ↵Aymeric Augustin
storage engine. Backport of r17552 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17553 bcc190cf-cafb-0310-a4f2-bffc1f526a37
generated by cgit v1.3 (git 2.53.0) at 2026-05-01 20:53:37 +0000