p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
12,111 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

12111 Commits

Author SHA1 Message Date
Tim Graham 592187e11b [1.4.x] Bumped version for 1.4.17 release. 2015-01-02 21:07:00 -05:00
Tim Graham 35dc639cd6 [1.4.x] Added dates to release notes. 
Backport of 15cd71ed24 from master
 2015-01-02 19:23:14 -05:00
Tim Graham a25c444bc7 [1.4.x] Updated six to 1.9.0. 
Backport of 52f0b2b622 from master
 2015-01-02 13:38:58 -05:00
Simon Charette 5940da16af [1.4.x] Fixed #23754 -- Always allowed reference to the primary key in the admin 
This change allows dynamically created inlines "Add related" button to work
correcly as long as their associated foreign key is pointing to the primary
key of the related model.

Thanks to amorce for the report, Julien Phalip for the initial patch,
and Collin Anderson for the review.

Backport of f9c4e14aec from master
 2014-11-25 14:04:56 -05:00
Tim Graham c83b024b37 [1.4.x] Removed thread customizations of six which are now built-in. 
Backport of 7ef81b5cdd from master
 2014-11-13 11:36:21 +01:00
Tim Graham a1dcd82b28 [1.4.x] Updated six to 1.8.0. 
Backport of 81477c91f6 from master
 2014-11-04 21:30:21 -05:00
Tim Graham 486b6ca3bc [1.4.x] Post-release version bump. 2014-10-22 13:33:07 -04:00
James Bennett 151d6dbf9c [1.4.x] Bump version numbers for bugfix release. 2014-10-22 12:36:19 -04:00
Tim Graham a92e386e26 [1.4.x] Added release dates to release notes. 
Backport of 9dc782b631 from master
 2014-10-22 12:25:45 -04:00
Tim Graham 643374bcf5 [1.4.x] Fixed #23631 -- Removed outdated note on MySQL timezone support. 
Thanks marfire for the report.

Backport of 9db3653670 from master
 2014-10-10 15:22:46 -04:00
Emmanuelle Delescolle f58392d8d8 [1.4.x] Fixed #23604 -- Allowed related m2m fields to be references in the admin. 
Thanks Simon Charette for review.

Backport of a24cf21722 from master
 2014-10-06 09:08:45 -04:00
Tim Graham df657a7682 [1.4.x] Required numpy < 1.9 for tests; refs #23489. 
Backport of 4743a94429 from stable/1.7.x
 2014-09-29 19:47:33 -04:00
Joseph Dougherty 3132edae41 [1.4.x] Fixed #23499 -- Error in built-in template tag "now" documentation 
Backport of ab8248361e from master.
 2014-09-17 09:26:45 +02:00
Claude Paroz ba2be27613 [1.4.x] Fixed #20036 -- Improved GEOS version string parsing 
Thanks chikiro.spam at gmail.com for the report.
 2014-09-11 20:54:33 +02:00
Simon Charette 065caafa70 [1.4.x] Fixed #23431 -- Allowed inline and hidden references to admin fields. 
This fixes a regression introduced by the 53ff096982 security fix.

Thanks to @a1tus for the report and Tim for the review.

refs #23329.

Backport of 342ccbd from master
 2014-09-08 14:22:29 -04:00
Tim Graham 78085844a7 [1.4.x] Added dates to release notes. 
Backport of 0fd23545db from master
 2014-09-02 21:36:44 -04:00
Tim Graham 89157fe11f [1.4.x] Post release version bump. 2014-09-02 21:07:29 -04:00
James Bennett 0517f498cd [1.4.x] Bump version numbers for bugfix release. 2014-09-02 15:43:24 -05:00
Simon Charette 4685026840 [1.4.x] Fixed #23329 -- Allowed inherited and m2m fields to be referenced in the admin. 
Thanks to Trac alias Markush2010 and ross for the detailed reports.

Backport of 3cbb759 from master
 2014-08-27 22:12:37 -04:00
Tim Graham 8adc56ca78 [1.4.x] Fixed spelling mistake in file docs. 
Backport of a3e88e64a4 from master
 2014-08-26 09:45:06 -04:00
Tim Graham 27c682ffa0 [1.4.x] Bumped version number post-release. 2014-08-20 16:36:42 -04:00
Tim Graham e484df76b6 [1.4.x] Added dates to release notes. 2014-08-20 16:33:50 -04:00
James Bennett 4fce0193d2 [1.4.x] Bump version numbers for security release. 2014-08-20 15:00:40 -05:00
Simon Charette 027bd34864 [1.4.x] Prevented data leakage in contrib.admin via query string manipulation. 
This is a security fix. Disclosure following shortly.
 2014-08-11 16:01:41 -04:00
Preston Holmes c9e3b9949c [1.4.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USE change. 
This is a security fix. Disclosure following shortly.
 2014-08-11 12:15:06 -04:00
Tim Graham 30042d475b [1.4.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names. 
This is a security fix. Disclosure following shortly.
 2014-08-11 10:14:06 -04:00
Florian Apolloner c2fe73133b [1.4.x] Prevented reverse() from generating URLs pointing to other hosts. 
This is a security fix. Disclosure following shortly.
 2014-08-11 09:04:23 -04:00
Tim Graham 4d5e972a2c [1.4.x] Added release note stub for 1.4.14. 2014-08-11 08:47:06 -04:00
Tim Graham 88cb7aa6aa [1.4.x] Added a warning that remove_tags() output shouldn't be considered safe. 
Backport of 7efce77de2 from master
 2014-08-11 07:11:30 -04:00
Tim Graham 399052d224 [1.4.x] Noted that django-jython requires Django 1.7. 
Backport of 72e98d5c16 from stable/1.6.x
 2014-08-08 12:47:31 -04:00
Tim Graham d23d19c15e [1.4.x] Fixed #23239 -- Clarified a phrase in the contrib.markup docs. 
Backport of e0fb48c254 from stable/1.5.x
 2014-08-06 08:30:49 -04:00
Erik Romijn bc03817b42 [1.4.x] Fixed #23149 -- Clarified note on HTTPOnly in cookie-based session docs 
Backport of e26366da44 from master.
 2014-08-02 19:01:23 +02:00
Tim Graham 778a555342 [1.4.x] Added tests/requirements/py2.txt. 
This follows the convention used in other branches so we don't
need a special case in the build script for 1.4.
 2014-07-25 09:46:15 -04:00
Ramiro Morales aa9c45c2e4 [1.4.x] Revert "Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet." 
This reverts commit b44519072e.

stable/1.4.x branch is in security-fixes-only mode.
 2014-07-14 21:09:38 -03:00
Tim Graham b44519072e [1.4.x] Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet. 
Thanks sebastien at clarisys.fr for the report and gautier
for the patch.

Backport of 5e2c4a4bd1 from master
 2014-07-14 12:38:00 -03:00
Tim Graham d29f3b9e87 [1.4.x] Fixed #22859 -- Improved crossDomain technique in CSRF example. 
Thanks flisky for the report.

Backport of 0be4d64487 from master
 2014-06-18 14:38:30 -04:00
Tim Graham d39fcff11a [1.4.x] Minor edits to latest release notes. 
Backport of 860d31ac7a from master
 2014-05-15 07:17:54 -04:00
Jacob Kaplan-Moss 37d6821d35 Bumped version numbers post-release. 2014-05-14 18:24:08 +02:00
Jacob Kaplan-Moss 53b98b5a7c Bumped version numbers for release. 2014-05-14 18:09:51 +02:00
Jacob Kaplan-Moss fe5b3e36a2 Added release notes for 1.4.13. 2014-05-14 18:07:32 +02:00
Tim Graham 7feb54bbae [1.4.x] Added additional checks in is_safe_url to account for flexible parsing. 
This is a security fix. Disclosure following shortly.
 2014-05-12 09:46:40 -04:00
Aymeric Augustin 28e23306aa [1.4.x] Dropped fix_IE_for_vary/attach. 
This is a security fix. Disclosure following shortly.
 2014-05-12 09:46:22 -04:00
Tim Graham e1812617cf [1.4.x] Added dates to release notes of today's release. 
Backport of 68d264059a from master
 2014-04-28 19:07:51 -04:00
Tim Graham 48a4729cd7 [1.4.x] Post release version bump. 2014-04-28 19:03:36 -04:00
James Bennett b1b680c8fe [1.4.x] Bump version numbers for 1.4.12 bugfix release. 2014-04-28 15:28:15 -05:00
Tim Graham b91c385e32 [1.4.x] Fixed #22486 -- Restored the ability to reverse views created using functools.partial. 
Regression in 8b93b31.

Thanks rcoup for the report.

Backport of 3c06b2f2a3 from master
 2014-04-23 09:22:02 -04:00
Tim Graham 1edb163592 [1.4.x] Post release version bump. 2014-04-22 11:50:20 -04:00
James Bennett 194159ba44 [1.4.x] Bump version numbers for 1.4.11 security release. 2014-04-21 17:38:26 -05:00
Erik Romijn 8010908313 [1.4.x] Added information on resolved security issues to release notes. 
Backport of c07f3e60c2 from master
 2014-04-21 18:31:44 -04:00
Erik Romijn aa80f498de [1.4.x] Fixed queries that may return unexpected results on MySQL due to typecasting. 
This is a security fix. Disclosure will follow shortly.

Backport of 75c0d4ea3a from master
 2014-04-21 18:31:44 -04:00