Commit Graph

10820 Commits

Author SHA1 Message Date
Carlton Gibson 2fc998e3ba [2.1.x] Added release date for 2.1.15.
Backport of e31d185267 from master
2019-12-02 09:14:54 +01:00
Carlton Gibson 103ebe2b5f Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.
Thank you to Shen Ying for reporting this issue.
2019-12-02 08:58:35 +01:00
Mariusz Felisiak f57f81a7fe [2.1.x] Refs #30953 -- Added 2.1.15 release note for 0107e3d105.
Backport of 39e39d0ac1 from master
2019-12-02 08:19:18 +01:00
Mariusz Felisiak 015fab76ad [2.1.x] Fixed #30953 -- Made select_for_update() lock queryset's model when using "self" with multi-table inheritance.
Thanks Abhijeet Viswa for the report and initial patch.

Backport of 0107e3d105 from master.
2019-12-02 08:13:13 +01:00
Sergey Fedoseev ed50f6c424 [2.1.x] Made versionadded/versionchanged annotations without a content end with ".".
Regression in d2afa5eb23.
Backport of 5032556483 from master
2019-11-21 09:04:30 +01:00
Mariusz Felisiak 0423ea1fa8 [2.1.x] Added stub release notes for 2.1.15.
Backport of e9def97d10 from master
2019-11-19 12:45:25 +01:00
Mariusz Felisiak 341b2aa658 [2.1.x] Added release dates for 2.1.14 and 1.11.26.
Backport of 126cfefce2 from master
2019-11-04 08:28:19 +01:00
Louise Grandjonc 522af9d673 [2.1.x] Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
Regression in 6c3dfba892.

Backport of 7d1bf29977 from master.
2019-10-11 11:57:16 +02:00
Mariusz Felisiak 608b787135 [2.1.x] Added stub release notes for 1.11.26 and 2.1.14.
Backport of 84322a29ce from master
2019-10-02 07:56:33 +02:00
Carlton Gibson 27e7e1c8ee [2.1.x] Added release dates for 2.1.13, and 1.11.25.
Backport of 3826aed46d from master.
2019-10-01 09:00:01 +02:00
David Vaz 1556a67c65 [2.1.x] Fixed #30216 -- Doc'd that BooleanField is no longer blank=True in Django 2.1.
Backport of a6972e8854 from stable/2.2.x
2019-09-27 13:02:08 +02:00
Simon Charette db181f4b7c [2.1.x] Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7
to address CVE-2019-14234.

Thanks Tim Kleinschmidt for the report and Mariusz for the tests.

Backport of 6c3dfba892 from master.
2019-09-16 08:55:16 +02:00
Mariusz Felisiak 0cdd27de1a [2.1.x] Added stub release notes for 1.11.25 and 2.1.13.
Backport of bd7e0f81f8 from master
2019-09-16 07:44:19 +02:00
Mariusz Felisiak df853647d7 [2.1.x] Added release dates for 2.1.12 and 1.11.24.
Backport of 47f49adc11 from master.
2019-09-02 07:46:49 +02:00
Mariusz Felisiak 968b9af9b7 [2.1.x] Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
Regression in 4f5b58f5cd.

Thanks Florian Apolloner for the report and helping with tests.

Backport of 1f8382d34d from master.
2019-08-14 15:37:01 +02:00
Carlton Gibson 46c2856543 [2.1.x] Added CVE-2019-14235 to security release archive.
Backport of a5652eb795 from master
2019-08-01 12:06:02 +02:00
Carlton Gibson 8403afd843 [2.1.x] Added CVE-2019-14234 to security release archive.
Backport of 3a6a2f5eaf from master
2019-08-01 12:05:56 +02:00
Carlton Gibson 8ffd075373 [2.1.x] Added CVE-2019-14233 to security release archive.
Backport of 9600f63885 from master
2019-08-01 12:05:49 +02:00
Carlton Gibson dbecd71e43 [2.1.x] Added CVE-2019-14232 to the security release archive.
Backport of 87750787d1 from master
2019-08-01 12:05:42 +02:00
Florian Apolloner 5d50a2e5fa [2.1.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
2019-07-31 12:43:32 +02:00
Mariusz Felisiak f74b3ae362 [2.1.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-07-31 12:43:32 +02:00
Florian Apolloner 5ff8e79114 [2.1.X] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-07-29 11:12:53 +02:00
Florian Apolloner c23723a155 [2.1.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-07-29 11:09:18 +02:00
Carlton Gibson 24eba901eb [2.1.x] Added stub release notes for security releases.
Backport of f13147c8de from master
2019-07-25 10:54:51 +02:00
Mariusz Felisiak 765dac3d76 [2.1.x] Added CVE-2019-12781 to the security release archive.
Backport of 868cd56f05 from master
2019-07-01 10:21:48 +02:00
Carlton Gibson 1e40f427bb [2.1.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.

Backport of 54d0f5e62f from master
2019-07-01 08:24:47 +02:00
Mariusz Felisiak 87be9c9626 [2.1.x] Added stub release notes for security releases.
Backport of 30b3ee9d0b from master
2019-07-01 07:04:03 +02:00
Nick Pope d58f8e4235 [2.1.x] Added CVE-2019-12308 to the security release archive.
Backport of 21b1d23912 from master
2019-06-03 21:46:58 +02:00
Nick Pope 8827e09944 [2.1.x] Added CVE-2019-11358 to the security release archive.
Backport of 8fb0ea5583 from master
2019-06-03 21:46:54 +02:00
Mariusz Felisiak 73158f19f1 [2.1.x] Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes.
Backport of 100ec901ae from master
2019-06-03 14:12:40 +02:00
Carlton Gibson 95649bc085 [2.1.x] Applied jQuery patch for CVE-2019-11358.
Backport of 34ec52269a from master.
2019-06-03 11:39:15 +02:00
Carlton Gibson 09186a13d9 [2.1.x] Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link.
Backport of deeba6d920 from master.
2019-06-03 11:37:57 +02:00
Carlton Gibson f6e2b556e0 [2.1.x] Added stub release notes for security releases.
Backport of 98c0fe19ee from master
2019-06-03 10:51:40 +02:00
Tim Graham fb2b4253f9 [2.1.x] Refs #27807 -- Removed docs for User.username_validator.
The new override functionality claimed in refs #21379 doesn't work.
Forwardport of 714fdbaa70 from stable/1.10.x.
2019-04-07 20:03:54 -04:00
Mariusz Felisiak 0a8617a5b1 [2.1.x] Refs #30331 -- Doc'd that psycopg2 < 2.8 is required.
2019-04-05 12:06:04 +02:00
Tim Graham aafdf62921 [2.1.x] Fixed #30289 -- Prevented admin inlines for a ManyToManyField's implicit through model from being editable if the user only has the view permission.
Backport of 8335d59200 from master.
2019-03-30 17:56:50 -04:00
Tim Graham 6bfad83c2a [2.1.x] Added stub 2.1.8 release notes.
Backport of e245046bb6 from master
2019-03-30 13:04:45 -04:00
Tim Graham 28fb3ea827 [2.1.x] Fixed #30277 -- Fixed broken links to packaging.python.org.
Backport of 8f1cc7e9e6 from master.
2019-03-21 10:08:29 -04:00
Tobias Bengfort 4fd6e09fdc [2.1.x] Clarified permission-related docs.
Backport of 632d4861dd from master
2019-02-28 15:29:32 +01:00
Tim Graham 0c295a7570 [2.1.x] Refs #29683 -- Updated multi-db docs for view permission.
Backport of 50f09264ae from master
2019-02-25 14:57:27 -05:00
Mariusz Felisiak 7514a6cc95 [2.1.x] Fixed documentation of database representation for ManyToManyField.
Backport of b0799f5d86 from master
2019-02-25 20:10:22 +01:00
Mariusz Felisiak 8fe63dc4cd [2.1.x] Fixed #30187 -- Moved "install Django" command to a console box.
Backport of edec11ce86 from master.
2019-02-16 08:10:14 +01:00
Tim Graham e1b55f2d3f [2.1.x] Added CVE-2019-6975 to the security release archive.
Backport of d6e5aad5c7 from master.
2019-02-11 16:14:58 -05:00
Tim Graham 5c2b94af2a [2.1.x] Refs #30177 -- Forwardported 2.0.13 release notes.
Backport of 1b8f552b08 from master.
2019-02-11 15:55:12 -05:00
Carlton Gibson 168bfdd92b [2.1.x] Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases.
Backport of b39bd0aa6d from master
2019-02-11 15:48:23 +01:00
Carlton Gibson 40cd190557 [2.1.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.

Backport of 402c0caa85 from master
2019-02-11 11:11:55 +01:00
Mariusz Felisiak 657bbb139a [2.1.x] Removed extra characters in docs header underlines.
Backport of 25829197bb from master
2019-02-08 21:41:10 +01:00
Carlton Gibson 5e5ecadaa3 [2.1.x] Added stub release notes for security releases.
Backport of 5cc6f02f91 from master
2019-02-07 15:49:51 +01:00
Daniel Hahler 893b80d95d [2.1.x] Fixed duplicate word in docs/releases/2.0.txt.
Backport of fdc4518fe2 from master.
2019-02-04 18:30:48 -05:00
Tim Graham f30467fe1d [2.1.x] Used extlinks for GitHub commits.
Backport of c34c6d0a2f from master.
2019-02-01 15:49:47 -05:00