innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
14,072 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

14072 Commits

Author SHA1 Message Date
Emmanuelle Delescolle 314e9cd38f [1.5.x] Fixed #23604 -- Allowed related m2m fields to be references in the admin. 
Thanks Simon Charette for review.

Backport of a24cf21722 from master
 2014-10-06 08:54:26 -04:00
Simon Charette d9d4d62d85 [1.5.x] Fixed #23431 -- Allowed inline and hidden references to admin fields. 
This fixes a regression introduced by the 53ff096982 security fix.

Thanks to @a1tus for the report and Tim for the review.

refs #23329.

Backport of 342ccbd from master
 2014-09-08 14:09:14 -04:00
Tim Graham b8db1ded5e [1.5.x] Added dates to release notes. 
Backport of 0fd23545db from master
 2014-09-02 21:35:30 -04:00
James Bennett d54022b655 [1.5.x] Bump version numbers for bugfix release. 2014-09-02 15:50:34 -05:00
Simon Charette 20474d5bc7 [1.5.x] Fixed #23375 -- Added missing security issues to the archive. 
Backport of c9c0be3 from master
 2014-08-28 11:10:11 -04:00
Simon Charette 4c96bd8fb3 Fixed #23329 -- Allowed inherited and m2m fields to be referenced in the admin. 
Thanks to Trac alias Markush2010 and ross for the detailed reports.

Backport of 3cbb759 from master
 2014-08-27 22:05:30 -04:00
Tim Graham 5d647e5f17 [1.5.x] Fixed spelling mistake in file docs. 
Backport of a3e88e64a4 from master
 2014-08-26 09:45:01 -04:00
Tim Graham 4fa3c04105 [1.5.x] Bumped version number post-release. 2014-08-20 16:37:33 -04:00
Tim Graham ed4cf3b450 [1.5.x] Added dates to release notes. 2014-08-20 16:33:23 -04:00
James Bennett 1f5ff0b1eb [1.5.x] Bump version numbers for security release. 2014-08-20 15:09:42 -05:00
Simon Charette 2a446c896e [1.5.x] Prevented data leakage in contrib.admin via query string manipulation. 
This is a security fix. Disclosure following shortly.
 2014-08-20 11:44:02 -04:00
Preston Holmes dd68f319b3 [1.5.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USE change. 
This is a security fix. Disclosure following shortly.
 2014-08-20 11:44:02 -04:00
Tim Graham 26cd48e166 [1.5.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names. 
This is a security fix. Disclosure following shortly.
 2014-08-20 11:44:02 -04:00
Florian Apolloner 45ac9d4fb0 [1.5.x] Prevented reverse() from generating URLs pointing to other hosts. 
This is a security fix. Disclosure following shortly.
 2014-08-20 11:44:02 -04:00
Tim Graham 25d9ae5214 [1.5.x] Added release note stubs for 1.5.9 and 1.4.14. 2014-08-20 11:44:02 -04:00
Tim Graham 27ab82f7fc [1.5.x] Corrected content_type parameter name in sitemap docs. 
mimetype was deprecated in 1.5 per 11ec0253ab.

Backport of a7443c24a3 from master
 2014-08-13 21:45:36 -04:00
Tim Graham 00ec30d3c4 [1.5.x] Added a warning that remove_tags() output shouldn't be considered safe. 
Backport of 7efce77de2 from master
 2014-08-11 07:09:56 -04:00
Ola Sitarska 5d6e4031df [1.5.x] Fixed #23267 -- Fixed typo in Translation documentation 
Thanks to Tomin1 for the report.

Backport of 2e7be92b4d from master.
 2014-08-11 12:10:52 +02:00
Tim Graham bafc7237a9 [1.5.x] Noted that django-jython requires Django 1.7. 
Backport of 72e98d5c16 from stable/1.6.x
 2014-08-08 12:47:54 -04:00
Mohammed Attia 50369c5295 [1.5.x] Removed a doc reference to the deprecated `mimetype` kwarg. 
Backport of 61ed959235 from master
 2014-08-06 22:21:16 -04:00
Tim Graham e0fb48c254 [1.5.x] Fixed #23239 -- Clarified a phrase in the contrib.markup docs. 2014-08-06 08:28:51 -04:00
Erik Romijn 12ac0bb91b [1.5.x] Fixed #23149 -- Clarified note on HTTPOnly in cookie-based session docs 
Backport of e26366da44 from master.
 2014-08-02 19:00:50 +02:00
Ramiro Morales 291e837bda [1.5.x] Revert "Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet." 
This reverts commit 4ae68f677b.

stable/1.5.x branch is in security-fixes-only mode.
 2014-07-14 21:12:40 -03:00
Tim Graham 4ae68f677b [1.5.x] Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet. 
Thanks sebastien at clarisys.fr for the report and gautier
for the patch.

Backport of 5e2c4a4bd1 from master
 2014-07-14 12:38:43 -03:00
Tim Graham ddc715edd3 [1.5.x] Fixed #22966 -- Clarified which release notes appear for each doc version. 
Thanks haimunt at yahoo.com for the suggestion.

Backport of e6b3d6c22f from master
 2014-07-07 15:31:57 -04:00
Tim Graham ce06ef5569 [1.5.x] Fixed #22859 -- Improved crossDomain technique in CSRF example. 
Thanks flisky for the report.

Backport of 0be4d64487 from master
 2014-06-18 14:38:19 -04:00
vagrant 7342784b99 [1.5.x] Fixed #22842 
Backport of 7a1f8414c3 from master.
 2014-06-15 21:13:05 +02:00
Tim Graham d57cf88c1e [1.5.x] Improved deprecation plan links in release notes. 
Backport of 7ff326928a from master
 2014-05-29 18:59:56 -04:00
Erik Romijn d5ca482451 [1.5.x] Fixed #22644 -- Clarified documentation for NamedUrlWizardView 
Backport of 727d048f09 from master.
 2014-05-17 15:18:32 +02:00
Claude Paroz 044a4fd7a8 [1.5.x] Fixed case in form widgets docs 
Backport of 9494f29d from master
 2014-05-16 17:43:26 -04:00
Moritz 220c09e97a [1.5.x] Fixed #22167 -- Improved documentation on context processors 
Backport of e7ffba8f78 from master.
 2014-05-16 18:30:23 +02:00
Tim Graham 5c65aa9243 [1.5.x] Minor edits to latest release notes. 
Backport of 860d31ac7a from master
 2014-05-15 07:17:17 -04:00
Jacob Kaplan-Moss 4752580881 Bumped version number post release. 2014-05-14 18:31:37 +02:00
Jacob Kaplan-Moss 4e922f6084 Bumped version numbers for release. 2014-05-14 18:27:50 +02:00
Jacob Kaplan-Moss ffcb009178 Added release notes for 1.4.13, 1.5.8. 2014-05-14 18:26:26 +02:00
Erik Romijn ad32c21885 [1.5.x] Added additional checks in is_safe_url to account for flexible parsing. 
This is a security fix. Disclosure following shortly.
 2014-05-12 09:42:06 -04:00
Aymeric Augustin 4001ec8698 [1.5.x] Dropped fix_IE_for_vary/attach. 
This is a security fix. Disclosure following shortly.
 2014-05-12 09:41:34 -04:00
Tim Graham 41ab97b6a4 [1.5.x] Fixed #22575 -- Fixed typo in docs/topics/class-based-views/generic-editing.txt. 
Thanks adminq80 at gmail.com.

Backport of 87776859af from master
 2014-05-05 06:42:41 -04:00
Tim Graham 73136a887d [1.5.x] Added dates to release notes of today's release. 
Backport of 68d264059a from master
 2014-04-28 19:07:17 -04:00
Tim Graham ce6c665f12 [1.5.x] Post release version bump. 2014-04-28 19:01:01 -04:00
James Bennett c47324b2de [1.5.x] Update version numbers for 1.5.7 bugfix release. 2014-04-28 15:34:35 -05:00
Tim Graham 47a352f84e [1.5.x] Removed bad import in last commit. 2014-04-23 09:15:41 -04:00
Tim Graham 19bd6b9477 [1.5.x] Fixed #22486 -- Restored the ability to reverse views created using functools.partial. 
Regression in 8b93b31487.

Thanks rcoup for the report.

Backport of 3c06b2f2a3 from master
 2014-04-23 09:01:38 -04:00
Ray Ashman 2d450cc3e5 [1.5.x] Updated grammar in description of django.contrib.auth. 
Backport of 9853779805 from master
 2014-04-22 18:29:13 -04:00
Tim Graham 036b2d4f30 [1.5.x] Post release version bump. 2014-04-22 11:49:50 -04:00
James Bennett a0f60958cf [1.5.x] Add missing disclosure information to security archive. 2014-04-21 18:28:24 -05:00
James Bennett 486b6f398b [1.5.x] Update for 1.5.6 security release. 2014-04-21 17:51:51 -05:00
Erik Romijn cebfbcdb86 [1.5.x] Added information on resolved security issues to release notes. 
Backport of c07f3e60c2 from master
 2014-04-21 18:31:08 -04:00
Erik Romijn 985434fb1d [1.5.x] Fixed queries that may return unexpected results on MySQL due to typecasting. 
This is a security fix. Disclosure will follow shortly.

Backport of 75c0d4ea3a from master
 2014-04-21 18:31:08 -04:00
Aymeric Augustin 6872f42757 [1.5.x] Prevented leaking the CSRF token through caching. 
This is a security fix. Disclosure will follow shortly.

Backport of c083e3815a from master
 2014-04-21 18:31:05 -04:00