Tim Graham
18dceab05b
[1.8.x] Fixed typo in path to is_safe_url()
...
Backport of dd0b487872
from master
2015-02-20 09:22:17 -05:00
Tim Graham
cbbe6a6abb
Added dates to release notes.
2015-01-13 13:08:57 -05:00
Tim Graham
baf2542c4f
Fixed DoS possibility in ModelMultipleChoiceField.
...
This is a security fix. Disclosure following shortly.
Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:03:06 -05:00
Tim Graham
a3bebfdc34
Ensured views.static.serve() doesn't use large memory on large files.
...
This issue was fixed in master by refs #24072 .
2015-01-13 13:03:06 -05:00
Tim Graham
69b5e66738
Fixed is_safe_url() to handle leading whitespace.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Carl Meyer
316b8d4974
Stripped headers containing underscores to prevent spoofing in WSGI environ.
...
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Tim Graham
958aeda4b5
Added stub release notes for security releases.
2015-01-13 13:03:05 -05:00
Markus Holtermann
be158e3625
Refs #24110 -- Added a more descriptive release note and fixed a spelling mistake.
2015-01-11 00:30:47 +01:00
Markus Holtermann
fdc2cc9487
Fixed #24110 -- Rewrote migration unapply to preserve intermediate states
2015-01-10 23:14:15 +01:00
Serafeim Papastefanos
74f02557e0
Fixed #23967 -- Added formats for Greek
2015-01-10 11:10:26 -05:00
Claude Paroz
d7bc37d611
Fixed #24097 -- Prevented AttributeError in redirect_to_login
...
Thanks Peter Schmidt for the report and the initial patch.
Thanks to Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
2015-01-10 10:05:02 +01:00
Claude Paroz
27dd7e7271
Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware
...
Thanks codeitloadit for the report, living180 for investigations
and Tim Graham for the review.
2015-01-06 08:42:58 +01:00
Tim Graham
d94fe42ae5
Forwardported release note for 4aed731154
.
2015-01-05 10:55:48 -05:00
Tim Graham
439f15beab
Added 1.7.3 release notes stub.
2015-01-03 13:27:08 -05:00