24407 Commits

Author SHA1 Message Date
Mariusz Felisiak c669cf279a [1.11.x] Fixed GeoQuerySetTest.test_unionagg_tolerance() test on Oracle 18c.
Backport of 5ca76baa72 from master
2020-03-05 08:57:26 +01:00
Mariusz Felisiak 51a6edc4b0 [1.11.x] Fixed typo in docs/releases/1.11.29.txt.
Backport of 43f8ba1c7c from master
2020-03-04 10:49:40 +01:00
Mariusz Felisiak 48cf72b981 [1.11.x] Added CVE-2020-9402 to security archive.
Backport of f37f9a0bf0 from master
2020-03-04 10:11:26 +01:00
Mariusz Felisiak 22384d417b [1.11.x] Post-release version bump. 2020-03-04 09:53:00 +01:00
Mariusz Felisiak f1e3017aea [1.11.x] Bumped version for 1.11.29 release. 2020-03-04 09:49:38 +01:00
Mariusz Felisiak 02d97f3c9a [1.11.x] Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
Thanks to Norbert Szetei for the report.
2020-03-04 09:47:05 +01:00
Mariusz Felisiak e643833562 [1.11.x] Pinned PyYAML < 5.3 in test requirements.
PyYAML 5.3+ doesn't support Python 3.4.
2020-02-04 10:06:07 +01:00
Carlton Gibson d0e3eb8e82 [1.11.x] Added CVE-2020-7471 to security archive.
Backport of d8b2ccbbb8 from master
2020-02-03 10:15:26 +01:00
Carlton Gibson 9a62ed5d5f [1.11.x] Post-release version bump. 2020-02-03 09:27:14 +01:00
Carlton Gibson e09f09b965 [1.11.x] Bumped version for 1.11.28 release. 2020-02-03 09:16:55 +01:00
Carlton Gibson 001b0634cd [1.11.x] Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter. 2020-01-26 19:02:04 +01:00
Mariusz Felisiak 7fd1ca3ef6 [1.11.x] Fixed timezones tests for PyYAML 5.3+.
Backport of 8be477be5c from master
2020-01-07 09:56:12 +01:00
Mariusz Felisiak 121115d2c2 [1.11.x] Added CVE-2019-19844 to the security archive.
Backport of 5a2b9f0b54 from master
2019-12-18 10:40:52 +01:00
Mariusz Felisiak 2c4fb9a35d [1.11.x] Post-release version bump. 2019-12-18 09:35:18 +01:00
Mariusz Felisiak 358973a12e [1.11.x] Bumped version for 1.11.27 release. 2019-12-18 09:32:29 +01:00
Simon Charette f4cff43bf9 [1.11.x] Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
Backport of 5b1fbcef7a from master.

Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-18 09:17:28 +01:00
Mariusz Felisiak a2355740ed [1.11.x] Refs #31073 -- Added release notes for 02eff7ef60.
Backport of ec12c37384 from master.
2019-12-11 10:14:57 +01:00
Peter Andersen e8fdf00cc2 [1.11.x] Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.
Backport of 02eff7ef60 from master.
2019-12-11 09:43:36 +01:00
Mariusz Felisiak 4f1501660b [1.11.x] Post-release version bump. 2019-11-04 09:31:11 +01:00
Mariusz Felisiak f24d305761 [1.11.x] Bumped version for 1.11.26 release. 2019-11-04 09:21:03 +01:00
Mariusz Felisiak 4017507660 [1.11.x] Added release date for 1.11.26.
Backport of 126cfefce2 from master
2019-11-04 08:30:17 +01:00
Louise Grandjonc a843a9ba8d [1.11.x] Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
Regression in 6c3dfba892.

Backport of 7d1bf29977 from master.
2019-10-11 12:01:42 +02:00
Mariusz Felisiak cf2b475aab [1.11.x] Added stub release notes for 1.11.26.
Backport of 84322a29ce from master
2019-10-02 07:58:03 +02:00
Carlton Gibson b73bb46d42 [1.11.x] Post-release version bump. 2019-10-01 10:06:53 +02:00
Carlton Gibson 81f0da91fb [1.11.x] Bumped version for 1.11.25 release. 2019-10-01 09:54:07 +02:00
Carlton Gibson 9d2916faf5 [1.11.x] Added release date for 1.11.25.
Backport of 3826aed46d from master.
2019-10-01 09:01:51 +02:00
Simon Charette fd393907c9 [1.11.x] Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7
to address CVE-2019-14234.

Thanks Tim Kleinschmidt for the report and Mariusz for the tests.

Backport of 6c3dfba892 from master.
2019-09-16 09:05:48 +02:00
Mariusz Felisiak 30c3d5fd73 [1.11.x] Added stub release notes for 1.11.25.
Backport of bd7e0f81f8 from master
2019-09-16 07:45:42 +02:00
Mariusz Felisiak f213c4c406 [1.11.x] Post-release version bump. 2019-09-02 09:02:39 +02:00
Mariusz Felisiak 4c049c805a [1.11.x] Bumped version for 1.11.24 release. 2019-09-02 08:45:34 +02:00
Mariusz Felisiak 835b62a588 [1.11.x] Added release date for 1.11.24.
Backport of 47f49adc11 from master.
2019-09-02 07:49:10 +02:00
Mariusz Felisiak 473c526b1b [1.11.x] Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
Regression in 4f5b58f5cd.

Thanks Florian Apolloner for the report and helping with tests.

Backport of 1f8382d34d from master.
2019-08-14 15:58:10 +02:00
Carlton Gibson 3deda1f680 [1.11.x] Added CVE-2019-14235 to security release archive.
Backport of a5652eb795 from master
2019-08-01 12:07:11 +02:00
Carlton Gibson 738b45dd3b [1.11.x] Added CVE-2019-14234 to security release archive.
Backport of 3a6a2f5eaf from master
2019-08-01 12:07:06 +02:00
Carlton Gibson 7482d25f1e [1.11.x] Added CVE-2019-14233 to security release archive.
Backport of 9600f63885 from master
2019-08-01 12:07:00 +02:00
Carlton Gibson ba791617e0 [1.11.x] Added CVE-2019-14232 to the security release archive.
Backport of 87750787d1 from master
2019-08-01 12:06:54 +02:00
Carlton Gibson 1e6a5b0001 [1.11.x] Post-release version bump. 2019-08-01 10:46:21 +02:00
Carlton Gibson 974897759e [1.11.x] Bumped version for 1.11.23 release. 2019-08-01 10:43:51 +02:00
Florian Apolloner 869b34e9b3 [1.11.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
2019-07-31 21:29:17 +02:00
Mariusz Felisiak ed682a24fc [1.11.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-07-31 21:29:17 +02:00
Florian Apolloner 52479acce7 [1.11.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-07-29 11:20:43 +02:00
Florian Apolloner 42a66e9690 [1.11.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-07-29 11:18:34 +02:00
Carlton Gibson 693046e54b [1.11.x] Added stub release notes for security releases.
Backport of f13147c8de from master.
2019-07-25 10:58:17 +02:00
Mariusz Felisiak 6d054b5a8f [1.11.x] Added CVE-2019-12781 to the security release archive.
Backport of 868cd56f05 from master
2019-07-01 10:24:29 +02:00
Mariusz Felisiak 7c849b9e3b [1.11.x] Post-release version bump. 2019-07-01 08:47:34 +02:00
Mariusz Felisiak 480380c993 [1.11.x] Bumped version for 1.11.22 release. 2019-07-01 08:43:35 +02:00
Carlton Gibson 32124fc41e [1.11.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.

Backport of 54d0f5e62f from master.
2019-07-01 08:40:19 +02:00
Mariusz Felisiak 58553bb297 [1.11.x] Added stub release notes for security releases.
Backport of 30b3ee9d0b from master
2019-07-01 07:05:49 +02:00
Mariusz Felisiak bc5febec4e [1.11.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
Backport of 4305fbe8b1 from master.
2019-06-30 20:21:27 +02:00
Markus Holtermann 790696836f [1.11.x] Bumped minimum ESLint version to 4.18.2.
Backport of ad7b438002 from master.
2019-06-21 18:18:36 +02:00