innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
django1/django
History
Jacob Kaplan-Moss e3e992e18b [1.1.X] SECURITY ALERT: Corrected regular expressions for URL and email fields. 
Certain email addresses/URLs could trigger a catastrophic backtracking
situation, causing 100% CPU and server overload. If deliberately triggered, this
could be the basis of a denial-of-service attack.

This security vulnerability was disclosed in public, so we're skipping our
normal security release process to get the fix out as soon as possible.

This is a security related update. A full announcement will follow.



git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@11604 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 		2009-10-09 20:59:05 +00:00
..
bin Fixed #10102 -- Set svn:executable on daily_cleanup script. Thanks to John Scott for the report 2009-03-14 05:18:02 +00:00
conf [1.1.X] Fixed #11862 -- Corrected an error in the Hebrew translation. Thanks to Adam Rimon for the fix. 2009-09-13 06:33:49 +00:00
contrib [1.1.X] Fixed #11995 -- Modified the admin site definition for comments so that users are shown as a raw id list. Thanks to James Bennett for the report and patch. 2009-10-08 13:32:23 +00:00
core [1.1.X] Fixed #11660 -- Corrected the CONTENT_TYPE and CONTENT_LENGTH headers provided by the mod_python handler. Thanks to Nowell Strite and Tareque Hossain for the report and fix. 2009-09-12 22:05:23 +00:00
db [1.1.X] Fixed #11886 -- Corrected handling of F() expressions that use parentheses. Thanks to Brent Hagany for the report. 2009-09-16 12:12:54 +00:00
dispatch Fixed #11134: signals recievers that disconnect during their processing no longer mess things up for other handlers. Thanks, Honza Kral. 2009-05-20 16:13:55 +00:00
forms [1.1.X] SECURITY ALERT: Corrected regular expressions for URL and email fields. 2009-10-09 20:59:05 +00:00
http Fixed #10687: fixed request parsing when upload_handlers is empty. Thanks, Armin Ronacher. 2009-05-08 17:22:34 +00:00
middleware BACKWARDS-INCOMPATIBLE CHANGE: Removed SetRemoteAddrFromForwardedFor middleware. 2009-07-29 05:35:51 +00:00
shortcuts Fixed #10194: added `django.shortcuts.redirect`, a do-what-I-mean redirect shortcut. See the docs at topics/http/shortcuts for details. 2009-03-21 13:09:13 +00:00
template Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch. 2009-07-16 16:16:13 +00:00
templatetags Fixed #11270 -- Modified cache template tag to prevent the creation of very long cache keys. Thanks to 235 for the report and patch. 2009-06-18 15:04:00 +00:00
test Fixed #11066 -- Corrected 15 duplicate "the"s found in docs and code comments. Thanks kaikuehne. 2009-05-17 16:45:28 +00:00
utils As long as we're micro-optomizing, do it right -- using map() shaves another dozen or so seconds off the test suite run time. 2009-09-10 22:49:05 +00:00
views Fixed #11512 -- Corrected unclosed tag in HTML on debug page. Thanks to rlaager for the report. 2009-07-21 01:50:06 +00:00
__init__.py This branch is 1.1.1 pre-alpha. 2009-09-11 19:08:55 +00:00