ea04c81d37
[1.4.x] Fixed #21256 -- Error in datetime_safe.datetime.combine.
...
Backport of d9b6fb8
2013-10-13 19:11:59 +02:00
037ec1054c
[1.4.x] Fixed #21248 -- Skipped test_bcrypt if no py-bcrypt found
...
Pre 1.6 Django worked only with py-bcrypt, not with bcrypt. Skipped
test_bcrypt when using bcrypt to avoid false positives.
Backpatch of 9f8a36eb20
2013-10-09 14:44:43 +03:00
e2403db95a
[1.4.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation.
...
Thanks go to Michael Gebetsroither for pointing out this issue and help on
the patch.
Backport of 68540fe4df
2013-09-24 21:20:19 +02:00
0317edf0c7
Revert "[1.4.x] Ensure that passwords are never long enough for a DoS."
...
This reverts commit 3f3d887a68
2013-09-24 21:19:20 +02:00
ca77e38d24
[1.4.x] Cleaned up 1.4.8 release notes
...
Backport of 8d29005524
2013-09-15 14:29:40 -04:00
efee30e6b0
[1.4.x] Bump version post-release.
2013-09-15 12:59:10 -04:00
629813a804
[1.4.x] Fixed geos test to prevent random failure
...
Points in the test fixtures have 20 as max coordinate.
Backport of 87854b0bdf
2013-09-15 11:45:16 +02:00
6903d1690a
[1.4.x] Removed usage of b"" string syntax for Python 2.5 compatibility.
...
Refs commit 3f3d887a68
2013-09-15 14:02:38 +08:00
3ffc7b52f8
[1.4.x] Add release notes and bump version numbers for 1.4.8 security release.
2013-09-14 23:53:07 -06:00
3f3d887a68
[1.4.x] Ensure that passwords are never long enough for a DoS.
...
* Limit the password length to 4096 bytes
* Password hashers will raise a ValueError
* django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change
Thanks to Josh Wright for the report, and Donald Stufft for the patch.
This is a security fix; disclosure to follow shortly.
Backport of aae5a96d57
2013-09-15 13:49:16 +08:00
75d2bcda10
Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth
...
Thanks Collin Anderson for the report.
Backport of 425d076d0c
2013-09-13 10:18:55 -04:00
cca302cde6
[1.4.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.
...
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.
Backport of da843e7dba
2013-09-11 08:18:56 -04:00
434d122a74
Merge pull request #1616 from loic/fix1.4
...
Fixed failing test introduced by 87d2750b39
2013-09-11 04:30:45 -07:00
fba6af5a1e
[1.4.x] Bump version post-release.
2013-09-11 07:06:09 -04:00
3203f684e8
Fixed failing test introduced by 87d2750b39.
...
The {% ssi %} tag in Django 1.4 doesn't support spaces in its argument.
Skip the test if run from a location that contains a space.
2013-09-11 18:05:39 +07:00
701c1a11bc
[1.4.x] Bump version numbers for 1.4.7 security release.
2013-09-10 20:15:38 -05:00
d1dc8a0d00
Added 1.4.7 release notes
...
Backport of baec6a26dd
2013-09-10 21:09:47 -04:00
87d2750b39
[1.4.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
...
Thanks Rainer Koirikivi for the report and draft patch.
This is a security fix; disclosure to follow shortly.
Backport of 7fe5b656c9
2013-09-10 21:05:47 -04:00
9ab7ed9b72
[1.4.x] Fixed #20707 -- Added explicit quota assignment to Oracle test user
...
To enable testing on Oracle 12c
2013-09-09 15:13:18 +03:00
7826824aef
[1.4.x] Fixed #20907 - Test failure on Oracle
...
Backport of the Oracle-specific part of commit a18e43c5bb
2013-08-18 01:45:01 +03:00
d9dc98159d
[1.4.x] Fixed #20904 : Test failure on Oracle
...
Just skip the failing test, the failure isn't really relevant; also,
both the test and the reason for its failure were removed in 1.5.
Thanks Tim Graham for advice on 1.5.
2013-08-17 23:12:01 +03:00
d5da495a2e
[1.4.x] Fixed #20906 -- Fixed a dependence on set-ordering in tests
...
Backport of 1ae64e96c1
2013-08-16 17:55:08 -04:00
bf611f14ec
[1.4.x] Fixed #20905 -- Fixed an Oracle-specific test case failure
...
Made a test checking ORM-generated query string case-insensitive.
Backport of ee0a7c741e
2013-08-16 12:23:05 -04:00
08e5fcb3e6
Fixed regression in validation tests since example.com is available via https now.
2013-08-13 22:34:52 +02:00
0d4ef66f7c
Bump version post-release.
2013-08-13 12:16:41 -05:00
d77ce64fe8
[1.4.x] Removed 1.5.2 release notes
2013-08-13 13:15:54 -04:00
506913cdd8
Stole the Makefile for building packages from master.
2013-08-13 11:24:46 -05:00
e61e20e497
Added 1.4.6/1.5.2 release notes.
2013-08-13 11:18:07 -05:00
30e17be1f6
Bumped version numbers for 1.4.6.
2013-08-13 11:09:05 -05:00
ec67af0bd6
Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.
...
This is a security fix; disclosure to follow shortly.
2013-08-13 11:00:13 -05:00
b50be6857c
[1.4.x] Added missing release notes for older versions of Django
...
Backport of 3f6cc33cff
2013-08-12 14:11:10 -04:00
8af0b1afd2
[1.4.x] Added a bugfix in docutils 0.11 -- docs will now build properly.
...
Backport of a3a59a3197
2013-07-31 10:14:38 -04:00
ed6ec47ff7
[1.4.x] Fixed #20779 -- Documented AdminSite.app_index_template; refs #8498 .
...
Thanks CollinAnderson for the report.
Backport of 7de35a9ef3
2013-07-31 07:09:52 -04:00
f3a961f009
[1.4.x] Fixed #18315 -- Documented QueryDict.popitem and QueryDict.pop
...
Thanks gcbirzan for the report.
Backport of 8c9240222f
2013-07-25 11:09:25 -04:00
eda39fe704
[1.4.x] Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs.
...
Thanks simonb for the report.
Backport of dab52d99fc
2013-07-25 07:39:53 -04:00
dfe36f10df
[1.4.x] Atom specification URL updated
...
Changed to the URL of the official RFC for Atom, since Atomenabled.org
is just a holding page.
Backport of beefc97171
2013-07-18 08:48:11 -04:00
6b4b18e7e2
[1.4.x] Fixed #20756 -- Typo in uWSGI docs.
...
Backport of a3242dc9fe
2013-07-17 06:51:48 -04:00
288d70fccc
[1.4.x] Fixed #20730 -- Fixed "Programmatically creating permissions" error.
...
Thanks glarrain for the report.
Backport of 684a606a4e
2013-07-11 11:10:26 -04:00
e8971345b4
[1.4.x] Fixed #19196 -- Added test/requirements
...
Backport of 4d92a0bd86
2013-07-10 12:12:15 -04:00
7b7592cafa
[1.4.x] Fixed #18944 -- Documented PasswordResetForm's from_email argument as a backwards incompatible change for 1.3
...
Thanks DrMeers for the report.
Backport of dab921751d
2013-07-08 15:06:45 -04:00
165cc1dc2f
[1.4.x] Fixed #20665 -- Missing backslash in sitemaps documentation
...
Backport of 5005303ae7
2013-06-27 09:45:58 +02:00
e2b86571bf
[1.4.x] Fixed oversight in e3b6fed3. Refs #20636 .
2013-06-24 21:00:28 +02:00
e3b6fed320
[1.4.x] Fixed #20636 -- Stopped stuffing values in the settings.
...
In Django < 1.6, override_settings restores the settings module that was
active when the override_settings call was executed, not when it was
run. This can make a difference when override_settings is applied to a
class, since it's executed when the module is imported, not when the
test case is run.
In addition, if the settings module for tests is stored alongside the
tests themselves, importing the settings module can trigger an import
of the tests. Since the settings module isn't fully imported yet,
class-level override_settings statements may store a reference to an
incorrect settings module. Eventually this will result in a crash during
test teardown because the settings module restored by override_settings
won't the one that was active during test setup.
While Django should prevent this situation in the future by failing
loudly in such dubious import sequences, that change won't be backported
to 1.5 and 1.4. However, these versions received the "allowed hosts"
patch and they're prone to "AttributeError: 'Settings' object has no
attribute '_original_allowed_hosts'". To mitigate this regression, this
commits stuffs _original_allowed_hosts on a random module instead of the
settings module.
This problem shouldn't occur in Django 1.6, see #20290 , but this patch
will be forward-ported for extra safety.
Also tweaked backup variable names for consistency.
Backport of 0261922
2013-06-24 20:42:42 +02:00
c97cc85b74
[1.4.x] Fixed #20326 - Corrected form wizard get_form() example.
...
Thanks tris@ for the report.
Backport of 646a2216e9
2013-05-31 08:09:17 -04:00
9b5fe02215
[1.4.x] Fixed regroup example.
...
Chicago was missing.
Backport of e6ff238
2013-05-29 21:52:25 -04:00
227d7f63e4
[1.4.x] Fixed #20523 - Incorrect form field for FilePathField.
...
Thanks sane4ka.sh@ for the report.
Backport of 1fdc3d256d
2013-05-28 12:00:04 -04:00
1deeda5785
[1.5.x] Fixed #20492 - Removed a broken link in GIS docs.
...
Backport of fbab3209fc
2013-05-24 12:36:25 -04:00
e149d8ebf0
[1.4.x] Updated link to jQuery Cookie plugin site
...
Backport of 81f454a322
2013-05-24 12:26:23 -04:00
528345069d
[1.4.x] Fixed a minor spelling mistake in the queryset documentation
...
Backport of d258cce482
2013-05-14 10:32:38 -04:00
6297673efd
[1.5.X] Fixed #18883 -- added a missing self parameter in the docs
...
Backport of 17d57275f9
2013-05-13 20:50:37 -04:00
Aymeric Augustin
Anssi Kääriäinen
Florian Apolloner
Tim Graham
Claude Paroz
Russell Keith-Magee
James Bennett
Loic Bistuer
Садовский Николай
Shai Berger
Luke Plant
Jacob Kaplan-Moss
SusanTan
mark hellewell
Brenton Cleeland
Matt Deacalion Stevens
Baptiste Mispelon
Gavin Wahl
Alasdair Nicol
Wilfred Hughes
Alex Gaynor