django.git - django

Age	Commit message (Collapse)	Author
2021-01-14	Refs #12990 -- Removed django.contrib.postgres.fields.JSONField per ↵	Mariusz Felisiak
	deprecation timeline.
2019-08-01	Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in ↵	Florian Apolloner
	django.utils.encoding.uri_to_iri(). Thanks to Guido Vranken for initial report.
2019-08-01	Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index ↵	Mariusz Felisiak
	lookups against SQL injection. Thanks to Sage M. Abdullah for the report and initial patch. Thanks Florian Apolloner for reviews.
2019-08-01	Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵	Florian Apolloner
	strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report.
2019-08-01	Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when ↵	Florian Apolloner
	truncating HTML. Thanks to Guido Vranken for initial report.
2019-07-25	Added stub release notes for security releases.	Carlton Gibson

2019-07-24	Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be ↵	Tom Forbes
	resolved.
2019-07-23	Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.	Tom Forbes

2019-07-10	Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField ↵	Mariusz Felisiak
	when the right hand side is the same type. Thanks Tilman Koschnick for the report and initial patch. Thanks Carlton Gibson the review. Regression in 6b048b364ca1e0e56a0d3815bf2be33ac9998355.
2019-07-10	Fixed #30628 -- Adjusted expression identity to differentiate bound fields.	Simon Charette
	Expressions referring to different bound fields should not be considered equal. Thanks Julien Enselme for the detailed report. Regression in bc7e288ca9554ac1a0a19941302dea19df1acd21.
2019-07-09	Added stub release notes for 2.2.4.	Mariusz Felisiak