cf694e6852
[2.2.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-07-29 11:06:54 +02:00
4f5b58f5cd
[2.2.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
...
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-07-29 11:06:54 +02:00
e34f3c0e9e
[2.2.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-07-29 11:06:54 +02:00
c3289717c6
[2.2.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-07-29 11:00:01 +02:00
ea57c8a345
[2.2.x] Added stub release notes for security releases.
...
Backport of f13147c8de
2019-07-25 10:50:18 +02:00
4d6449e125
[2.2.x] Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
...
Backport of fc75694257
2019-07-24 14:38:24 +02:00
2d2859bec2
[2.2.x] Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
...
Backport of 2ff517ccb6
2019-07-23 10:41:50 +02:00
1088a9777d
[2.2.x] Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
...
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson for the review.
Regression in 6b048b364c7991111af1
2019-07-10 10:34:49 +02:00
9dee8515d6
[2.2.x] Fixed #30628 -- Adjusted expression identity to differentiate bound fields.
...
Expressions referring to different bound fields should not be
considered equal.
Thanks Julien Enselme for the detailed report.
Regression in bc7e288ca9ee6e93ec87
2019-07-10 08:04:45 +02:00
b593c39d7f
[2.2.x] Added stub release notes for 2.2.4.
...
Backport of 08e69cad9c
2019-07-09 07:45:27 +02:00
Florian Apolloner
Mariusz Felisiak
Carlton Gibson
Tom Forbes
Simon Charette