Cleaned up the release notes index page, and added some stub 1.1.2 and 1.2 release notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
f5fefcc8c9
commit
cf169d9e12
|
@ -201,5 +201,5 @@ The Django open-source project
|
||||||
|
|
||||||
* **Django over time:**
|
* **Django over time:**
|
||||||
:ref:`API stability <misc-api-stability>` |
|
:ref:`API stability <misc-api-stability>` |
|
||||||
:ref:`Release notes <releases-index>` |
|
:ref:`Release notes and upgrading instructions <releases-index>` |
|
||||||
:ref:`Deprecation Timeline <internals-deprecation>`
|
:ref:`Deprecation Timeline <internals-deprecation>`
|
||||||
|
|
|
@ -46,7 +46,7 @@ To enable CSRF protection for your views, follow these steps:
|
||||||
``django.views.decorators.csrf.csrf_protect`` on particular views you
|
``django.views.decorators.csrf.csrf_protect`` on particular views you
|
||||||
want to protect (see below).
|
want to protect (see below).
|
||||||
|
|
||||||
2. In any template that uses a POST form, use the ``csrf_token`` tag inside
|
2. In any template that uses a POST form, use the :ttag:`csrf_token` tag inside
|
||||||
the ``<form>`` element if the form is for an internal URL, e.g.::
|
the ``<form>`` element if the form is for an internal URL, e.g.::
|
||||||
|
|
||||||
<form action="" method="POST">{% csrf_token %}
|
<form action="" method="POST">{% csrf_token %}
|
||||||
|
@ -123,14 +123,14 @@ as ``CsrfResponseMiddleware``, and it can be used by following these steps:
|
||||||
|
|
||||||
``CsrfResponseMiddleware`` needs to process the response before things
|
``CsrfResponseMiddleware`` needs to process the response before things
|
||||||
like compression or setting ofETags happen to the response, so it must
|
like compression or setting ofETags happen to the response, so it must
|
||||||
come after ``GZipMiddleware``, ``CommonMiddleware`` and
|
come after ``GZipMiddleware``, ``CommonMiddleware`` and
|
||||||
``ConditionalGetMiddleware`` in the list. It also must come after
|
``ConditionalGetMiddleware`` in the list. It also must come after
|
||||||
``CsrfViewMiddleware``.
|
``CsrfViewMiddleware``.
|
||||||
|
|
||||||
Use of the ``CsrfResponseMiddleware`` is not recommended because of the
|
Use of the ``CsrfResponseMiddleware`` is not recommended because of the
|
||||||
performance hit it imposes, and because of a potential security problem (see
|
performance hit it imposes, and because of a potential security problem (see
|
||||||
below). It can be used as an interim measure until applications have been
|
below). It can be used as an interim measure until applications have been
|
||||||
updated to use the ``{% csrf_token %}`` tag. It is deprecated and will be
|
updated to use the :ttag:`csrf_token` tag. It is deprecated and will be
|
||||||
removed in Django 1.4.
|
removed in Django 1.4.
|
||||||
|
|
||||||
Django 1.1 and earlier provided a single ``CsrfMiddleware`` class. This is also
|
Django 1.1 and earlier provided a single ``CsrfMiddleware`` class. This is also
|
||||||
|
@ -199,7 +199,7 @@ Note that contrib apps, such as the admin, have been updated to use the
|
||||||
``CsrfViewMiddleware`` to your settings. However, if you have supplied
|
``CsrfViewMiddleware`` to your settings. However, if you have supplied
|
||||||
customised templates to any of the view functions of contrib apps (whether
|
customised templates to any of the view functions of contrib apps (whether
|
||||||
explicitly via a keyword argument, or by overriding built-in templates), **you
|
explicitly via a keyword argument, or by overriding built-in templates), **you
|
||||||
MUST update them** to include the ``csrf_token`` template tag as described
|
MUST update them** to include the :ttag:`csrf_token` template tag as described
|
||||||
above, or they will stop working. (If you cannot update these templates for
|
above, or they will stop working. (If you cannot update these templates for
|
||||||
some reason, you will be forced to use ``CsrfResponseMiddleware`` for these
|
some reason, you will be forced to use ``CsrfResponseMiddleware`` for these
|
||||||
views to continue working).
|
views to continue working).
|
||||||
|
@ -364,7 +364,7 @@ exactly that.
|
||||||
Caching
|
Caching
|
||||||
=======
|
=======
|
||||||
|
|
||||||
If the ``csrf_token`` template tag is used by a template (or the ``get_token``
|
If the :ttag:`csrf_token` template tag is used by a template (or the ``get_token``
|
||||||
function is called some other way), ``CsrfViewMiddleware`` will add a cookie and
|
function is called some other way), ``CsrfViewMiddleware`` will add a cookie and
|
||||||
a ``Vary: Cookie`` header to the response. Similarly,
|
a ``Vary: Cookie`` header to the response. Similarly,
|
||||||
``CsrfResponseMiddleware`` will send the ``Vary: Cookie`` header if it inserted
|
``CsrfResponseMiddleware`` will send the ``Vary: Cookie`` header if it inserted
|
||||||
|
|
|
@ -51,7 +51,7 @@ comment
|
||||||
|
|
||||||
Ignore everything between ``{% comment %}`` and ``{% endcomment %}``
|
Ignore everything between ``{% comment %}`` and ``{% endcomment %}``
|
||||||
|
|
||||||
.. templatetag:: cycle
|
.. templatetag:: csrf_token
|
||||||
|
|
||||||
csrf_token
|
csrf_token
|
||||||
~~~~~~~~~~
|
~~~~~~~~~~
|
||||||
|
@ -63,6 +63,8 @@ future compatibility purposes. In Django 1.2 and later, it is used for CSRF
|
||||||
protection, as described in the documentation for :ref:`Cross Site Request
|
protection, as described in the documentation for :ref:`Cross Site Request
|
||||||
Forgeries <ref-contrib-csrf>`.
|
Forgeries <ref-contrib-csrf>`.
|
||||||
|
|
||||||
|
.. templatetag:: cycle
|
||||||
|
|
||||||
cycle
|
cycle
|
||||||
~~~~~
|
~~~~~
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
.. _releases-1.1.2:
|
||||||
|
|
||||||
|
==============================================
|
||||||
|
Django 1.1.2 release notes — UNDER DEVELOPMENT
|
||||||
|
==============================================
|
||||||
|
|
||||||
|
This page documents release notes for the as-yet-unreleased Django
|
||||||
|
1.1.2. As such it is tentative and subject to change. It provides
|
||||||
|
up-to-date information for those who are following the 1.1.X branch.
|
||||||
|
|
||||||
|
This is the second "bugfix" release in the Django 1.1 series,
|
||||||
|
improving the stability and performance of the Django 1.1 codebase.
|
||||||
|
|
||||||
|
Django 1.1.2 maintains backwards compatibility with Django
|
||||||
|
1.1.0, but contain a number of fixes and other
|
||||||
|
improvements. Django 1.1.2 is a recommended upgrade for any
|
||||||
|
development or deployment currently using or targeting Django 1.1.
|
||||||
|
|
||||||
|
For full details on the new features, backwards incompatibilities, and
|
||||||
|
deprecated features in the 1.1 branch, see the :ref:`releases-1.1`.
|
||||||
|
|
||||||
|
One new feature
|
||||||
|
---------------
|
||||||
|
|
||||||
|
Ordinarily, a point release would not include new features, but in the
|
||||||
|
case of Django 1.1.2, we have made an exception to this rule. Django
|
||||||
|
1.2 (the next major release of Django) will contain a feature that
|
||||||
|
will improve protection against Cross-Site Request Forgery (CSRF)
|
||||||
|
attacks. This feature requires the use of a new :ttag:`csrf_token`
|
||||||
|
template tag in all forms that Django renders.
|
||||||
|
|
||||||
|
To make it easier to support both 1.1.X and 1.2.X versions of Django with
|
||||||
|
the same templates, we have decided to introduce the :ttag:`csrf_token` template
|
||||||
|
tag to the 1.1.X branch. In the 1.1.X branch, :ttag:`csrf_token` does nothing -
|
||||||
|
it has no effect on templates or form processing. However, it means that the
|
||||||
|
same template will work with Django 1.2.
|
|
@ -8,6 +8,11 @@ This page documents release notes for the as-yet-unreleased Django 1.2. As such
|
||||||
it is tentative and subject to change. It provides up-to-date information for
|
it is tentative and subject to change. It provides up-to-date information for
|
||||||
those who are following trunk.
|
those who are following trunk.
|
||||||
|
|
||||||
|
Django 1.2 includes a number of nifty `new features`_, lots of bug
|
||||||
|
fixes, and an easy upgrade path from Django 1.1.
|
||||||
|
|
||||||
|
.. _new features: `What's new in Django 1.2`_
|
||||||
|
|
||||||
.. _backwards-incompatible-changes-1.2:
|
.. _backwards-incompatible-changes-1.2:
|
||||||
|
|
||||||
Backwards-incompatible changes in 1.2
|
Backwards-incompatible changes in 1.2
|
||||||
|
@ -68,3 +73,37 @@ Features deprecated in 1.2
|
||||||
==========================
|
==========================
|
||||||
|
|
||||||
None.
|
None.
|
||||||
|
|
||||||
|
What's new in Django 1.2
|
||||||
|
========================
|
||||||
|
|
||||||
|
CSRF support
|
||||||
|
------------
|
||||||
|
|
||||||
|
Django now has much improved protection against :ref:`Cross-Site
|
||||||
|
Request Forgery (CSRF) attacks<ref-contrib-csrf>`. This type of attack
|
||||||
|
occurs when a malicious Web site contains a link, a form button or
|
||||||
|
some javascript that is intended to perform some action on your Web
|
||||||
|
site, using the credentials of a logged-in user who visits the
|
||||||
|
malicious site in their browser. A related type of attack, 'login
|
||||||
|
CSRF', where an attacking site tricks a user's browser into logging
|
||||||
|
into a site with someone else's credentials, is also covered.
|
||||||
|
|
||||||
|
Email Backends
|
||||||
|
--------------
|
||||||
|
|
||||||
|
You can now :ref:`configure the way that Django sends email
|
||||||
|
<topic-email-backends>`. Instead of using SMTP to send all email, you
|
||||||
|
can now choose a configurable email backend to send messages. If your
|
||||||
|
hosting provider uses a sandbox or some other non-SMTP technique for
|
||||||
|
sending mail, you can now construct an email backend that will allow
|
||||||
|
Django's standard :ref:`mail sending methods<topics-email>` to use
|
||||||
|
those facilities.
|
||||||
|
|
||||||
|
This also makes it easier to debug mail sending - Django ships with
|
||||||
|
backend implementations that allow you to send email to a
|
||||||
|
:ref:`file<topic-email-file-backend>`, to the
|
||||||
|
:ref:`console<topic-email-console-backend>`, or to
|
||||||
|
:ref:`memory<topic-email-memory-backend>` - you can even configure all
|
||||||
|
email to be :ref:`thrown away<topic-email-console-backend>`.
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
.. _releases-index:
|
.. _releases-index:
|
||||||
|
|
||||||
|
=============
|
||||||
Release notes
|
Release notes
|
||||||
=============
|
=============
|
||||||
|
|
||||||
|
@ -7,37 +8,60 @@ Release notes for the official Django releases. Each release note will tell you
|
||||||
what's new in each version, and will also describe any backwards-incompatible
|
what's new in each version, and will also describe any backwards-incompatible
|
||||||
changes made in that version.
|
changes made in that version.
|
||||||
|
|
||||||
|
For those upgrading to a new version of Django, you will need to check
|
||||||
|
all the backwards-incompatible changes and deprecated features for
|
||||||
|
each 'final' release from the one after your current Django version,
|
||||||
|
up to and including the new version.
|
||||||
|
|
||||||
|
Final releases
|
||||||
|
==============
|
||||||
|
|
||||||
|
1.2 release
|
||||||
|
-----------
|
||||||
.. toctree::
|
.. toctree::
|
||||||
:maxdepth: 1
|
:maxdepth: 1
|
||||||
|
|
||||||
0.95
|
1.2
|
||||||
0.96
|
|
||||||
1.0-alpha-1
|
1.1 release
|
||||||
1.0-alpha-2
|
-----------
|
||||||
1.0-beta
|
.. toctree::
|
||||||
1.0-beta-2
|
:maxdepth: 1
|
||||||
1.0
|
|
||||||
1.0.1
|
1.1.2
|
||||||
1.0.2
|
|
||||||
1.1-alpha-1
|
|
||||||
1.1-beta-1
|
|
||||||
1.1-rc-1
|
|
||||||
1.1
|
1.1
|
||||||
|
|
||||||
Upgrading
|
1.0 release
|
||||||
=========
|
-----------
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
For those upgrading to a new version of Django, you will need to check all the
|
1.0.2
|
||||||
backwards-incompatible changes and deprecated features for each 'final' release
|
1.0.1
|
||||||
from the one after your old version up to and including your new version. The
|
1.0
|
||||||
relevant sections of the release notes are linked below below for your
|
|
||||||
convenience.
|
|
||||||
|
|
||||||
For those following trunk, the tentative release notes for the next version to
|
Pre-1.0 releases
|
||||||
be released are also included at the bottom. This is kept up to date with new
|
----------------
|
||||||
features and changes that you need to be aware of.
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
* :ref:`backwards-incompatible-changes-1.1`
|
0.96
|
||||||
* :ref:`deprecated-features-1.1`
|
0.95
|
||||||
* :ref:`backwards-incompatible-changes-1.2`
|
|
||||||
* :ref:`deprecated-features-1.2`
|
Development releases
|
||||||
|
====================
|
||||||
|
|
||||||
|
These notes are retained for historical purposes. If you are upgrading
|
||||||
|
between formal Django releases, you don't need to worry about these
|
||||||
|
notes.
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
|
1.1-rc-1
|
||||||
|
1.1-beta-1
|
||||||
|
1.1-alpha-1
|
||||||
|
1.0-beta-2
|
||||||
|
1.0-beta
|
||||||
|
1.0-alpha-2
|
||||||
|
1.0-alpha-1
|
||||||
|
|
|
@ -421,6 +421,8 @@ want to specify it explicitly, put the following in your settings::
|
||||||
still available in ``django.core.mail`` as an alias for the SMTP backend.
|
still available in ``django.core.mail`` as an alias for the SMTP backend.
|
||||||
New code should use :meth:`~django.core.mail.get_connection` instead.
|
New code should use :meth:`~django.core.mail.get_connection` instead.
|
||||||
|
|
||||||
|
.. _topic-email-console-backend:
|
||||||
|
|
||||||
Console backend
|
Console backend
|
||||||
~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
@ -436,6 +438,8 @@ To specify this backend, put the following in your settings::
|
||||||
This backend is not intended for use in production -- it is provided as a
|
This backend is not intended for use in production -- it is provided as a
|
||||||
convenience that can be used during development.
|
convenience that can be used during development.
|
||||||
|
|
||||||
|
.. _topic-email-file-backend:
|
||||||
|
|
||||||
File backend
|
File backend
|
||||||
~~~~~~~~~~~~
|
~~~~~~~~~~~~
|
||||||
|
|
||||||
|
@ -453,6 +457,8 @@ To specify this backend, put the following in your settings::
|
||||||
This backend is not intended for use in production -- it is provided as a
|
This backend is not intended for use in production -- it is provided as a
|
||||||
convenience that can be used during development.
|
convenience that can be used during development.
|
||||||
|
|
||||||
|
.. _topic-email-memory-backend:
|
||||||
|
|
||||||
In-memory backend
|
In-memory backend
|
||||||
~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
@ -469,6 +475,8 @@ To specify this backend, put the following in your settings::
|
||||||
This backend is not intended for use in production -- it is provided as a
|
This backend is not intended for use in production -- it is provided as a
|
||||||
convenience that can be used during development and testing.
|
convenience that can be used during development and testing.
|
||||||
|
|
||||||
|
.. _topic-email-dummy-backend:
|
||||||
|
|
||||||
Dummy backend
|
Dummy backend
|
||||||
~~~~~~~~~~~~~
|
~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue