p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
20,798 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

1765 Commits

Author SHA1 Message Date
Alasdair Nicol 6e24eeef60 [1.8.x] Fixed 27283 -- Fixed typo in 1.8 release notes. 
Backport of 3203171832 from master
 2016-09-28 06:51:42 -04:00
Tim Graham d5430a5ff9 [1.8.x] Added CVE-2016-7401 to the security release archive. 
Backport of 6fe846a8f0 from master
 2016-09-26 18:30:31 -04:00
Tim Graham 47f5d799b2 [1.8.x] Added a CVE role for Sphinx. 
Backport of a46742e738 from master
 2016-09-26 18:30:16 -04:00
Collin Anderson 6118ab7d06 [1.8.x] Fixed CVE-2016-7401 -- Fixed CSRF protection bypass on a site with Google Analytics. 
This is a security fix.

Backport of "refs #26158 -- rewrote http.parse_cookie() to better match
browsers." 93a135d111 from master
 2016-09-14 13:42:24 -04:00
Tim Graham 717aa88439 [1.8.x] Fixed #26807 -- Documented how to replicate SubfieldBase's assignment behavior. 
Backport of 518eaf1fa2 from master
 2016-08-18 21:09:12 -04:00
Tim Graham 2deed2ea08 [1.8.x] Added CVE-2016-6186 to the security release archive. 
Backport of bc53af13cb from master
 2016-07-18 15:20:55 -04:00
Tim Graham f68e5a9916 [1.8.x] Fixed XSS in admin's add/change related popup. 
This is a security fix.
 2016-07-18 13:45:11 -04:00
Jon Dufresne 8edfdddbc8 [1.8.x] Fixed #26889 -- Fixed missing PostgreSQL index in SchemaEditor.add_field(). 
Backport of 2e4cfcd2b9 from master
 2016-07-13 22:15:43 -04:00
Tim Graham 0f12924eb5 [1.8.x] Updated release notes links to prevent warnings with Sphinx 1.4.2. 
Backport of 149ace94df from master
 2016-06-02 11:50:26 -04:00
Tim Graham 3b2b51712b [1.8.x] Added release date for 1.8.13. 2016-05-02 18:17:09 -04:00
Joshua Phillips 052e1f17ca [1.8.x] Fixed #26557 -- Converted empty strings to None when saving GenericIPAddressField. 
Backport of 4681d65048 from master
 2016-04-29 10:17:00 -04:00
Lukasz Wiecek 0a411b2224 [1.8.x] Fixed #26498 -- Fixed TimeField microseconds round-tripping on MySQL and SQLite. 
Thanks adamchainz for the report and review.

Backport of d3c87a2425 from master
 2016-04-18 09:49:31 -04:00
Tim Graham a61b26a651 [1.8.x] Added stub release notes for 1.8.13. 
Backport of ad3c72118f from master
 2016-04-13 13:22:08 -04:00
Tim Graham 539302ee9a [1.8.x] Added release date for 1.8.12. 
Backport of 93539ba2f4 from master
 2016-04-01 13:30:53 -04:00
Tim Graham 0496838e61 [1.8.x] Fixed #26387 -- Restored the functionality of the admin's raw_id_fields in list_editable. 
Backport of acfaec3db5 from master
 2016-03-25 14:57:12 -04:00
Tim Graham c7764ca3a0 [1.8.x] Fixed #26324 -- Fixed DurationField with fractional seconds on SQLite. 
Backport of 4f0cd0fd16 from master
 2016-03-10 19:16:31 -05:00
John-Mark Bell a5e9ae9ad5 [1.8.x] Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string. 
Backport of 4b129ac81f from master
 2016-03-07 13:22:38 -05:00
Tim Graham 6d312f95f3 [1.8.x] Added stub release notes for 1.8.12. 
Backport of c960af4adb from master
 2016-03-05 10:02:12 -05:00
Claude Paroz beb392b85e [1.8.x] Added safety to URL decoding in is_safe_url() on Python 2 
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
Backport of 552f03869e from master.
 2016-03-04 23:39:46 +01:00
Claude Paroz 28bed24f55 [1.8.x] Fixed #26308 -- Prevented crash with binary URLs in is_safe_url() 
This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the reporti and Tim Graham for the review.
Backport of ada7a4aef from master.
 2016-03-04 21:16:51 +01:00
Tim Graham f294b3833b [1.8.x] Added stub release notes for 1.8.11. 
Backport of 2f0c785a4c from master
 2016-03-04 09:48:11 -05:00
Alasdair Nicol e4be3c80a1 [1.8.x] Fixed #26309 -- Documented that login URL settings no longer support dotted paths. 
Backport of 2404d209a5 from master
 2016-03-03 07:49:06 -05:00
Dmitry Dygalo 6a9bb1447c [1.8.x] Fixed typo in 1.8.10 release date. 
Backport of 5155c2b458 from master
 2016-03-02 07:10:21 -05:00
Tim Graham 640c99e8b3 [1.8.x] Added CVE-2016-2512/2513 to security release archive. 
Backport of 24fc935218 from master
 2016-03-01 12:36:20 -05:00
Florian Apolloner f4e6e02f77 [1.8.x] Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-02-29 08:07:17 -05:00
Mark Striemer 382ab13731 [1.8.x] Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth. 
This is a security fix.
 2016-02-29 08:07:17 -05:00
Tim Graham 922f228695 [1.8.x] Added stub release notes for security issues. 2016-02-29 08:07:17 -05:00
Simon Charette 4701c81df3 [1.8.x] Fixed #26286 -- Prevented content type managers from sharing their cache. 
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.

Backport of 3938b3ccaa from master
 2016-02-26 16:24:28 -05:00
Jon Dufresne 6c48edae76 [1.8.x] Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets. 
Backport of b412681359 from master
 2016-02-24 07:09:08 -05:00
Tim Graham 0f667a580a [1.8.x] Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator. 
Thanks Shai Berger for the review.

Backport of b1afebf882 from master
 2016-02-18 19:56:36 -05:00
Claude Paroz 5bce665974 [1.8.x] Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values 
Also added tests for HStoreField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
Backport of 928c12eb1 from master.
 2016-02-16 21:14:24 +01:00
Tim Graham 180d4cbfe6 [1.8.x] Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 
Backport of b59f963ad2 from master
 2016-02-15 11:52:14 -05:00
Simon Charette edff550392 [1.8.x] Fixed #26162 -- Checked query name clashes of hidden relationships. 
Although reverse accessor clashes should be skipped query name can't be hidden.

Thanks to Ian Foote and Tim Graham for the review.

Backport of a325fb1f9b from master
 2016-02-08 10:42:31 -05:00
Tim Graham 2f0de9b0a1 [1.8.x] Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False. 
Backport of 97eb3356b2 from master
 2016-02-08 07:45:10 -05:00
Tim Graham b650623882 [1.8.x] Added stub release notes for 1.8.10. 
Backport of d6337e65ed from master
 2016-02-06 09:25:02 -05:00
Carl Meyer c247753083 [1.8.x] Fix typos in 1.8 release notes. 
Backport of a0ce4c09ff from master
 2016-02-03 15:27:40 -05:00
Tim Graham ea2d9f0d4a [1.8.x] Refs #26089 -- Removed obsolete docs about custom user model testing. 
Backport of 1e9150443e from master
 2016-02-02 08:55:37 -05:00
Tim Graham 97f0e0ac24 [1.8.x] Added CVE-2016-2048 to the security archive. 
Backport of ecd502cfdb from master
 2016-02-01 12:43:21 -05:00
Tim Graham 3a7c5f59ab [1.8.x] Added release date for 1.8.9. 2016-02-01 12:13:54 -05:00
Tim Graham 229666289d [1.8.x] Fixed #20415 -- Ensured srid isn't localized in OpenLayers JavaScript. 
Backport of 19d1cb1451 from master
 2016-01-28 18:02:36 -05:00
Ben Kraft 79c3950562 [1.8.x] Fixed #26122 -- Fixed copying a LazyObject 
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
 2016-01-26 06:57:47 -05:00
Tim Graham 7b6ab2885e [1.8.x] Refs #26034 -- Added another case fixed by this ticket to release notes. 
Thanks Shai Berger for the report.

Backport of 497b5d6fee from master
 2016-01-25 08:37:36 -05:00
Alexander Gaevsky 8502e9f049 [1.8.x] Fixed #26060 -- Fixed crash with reverse OneToOneField in ModelAdmin.readonly_fields. 
Backport of 9a33d3d764 from master
 2016-01-21 13:55:14 -05:00
Alberto Avila 5b3c66d8b6 [1.8.x] Fixed #26071 -- Fixed crash with __in lookup in a Case expression. 
Partial backport of afe0bb7b13 from master.
 2016-01-13 08:38:07 -05:00
Tim Graham f8c3d38c2d [1.8.x] Fixed #26034 -- Fixed incorrect index handling on PostgreSQL on Char/TextField with unique=True and db_index=True. 
Thanks Simon Charette for review.

Backport of 56aaae58a7 from master
 2016-01-08 14:47:05 -05:00
Alexander Gaevsky 40601e5797 [1.8.x] Fixed #24980 -- Fixed day determination in admin calendar widget. 
Backport of 44930cc466 from master
 2016-01-07 19:15:57 +03:00
Claude Paroz 61437dd0a0 [1.8.x] Fixed #26046 -- Fixed a crash with translations and Django-unknown language code 
Thanks Jens Lundstrom for the report and Tim Graham for the review.
Backport of 632a9f21bc from master.
 2016-01-06 20:34:45 +01:00
Scott Pashley 7688089e0f [1.8.x] Fixed #26035 -- Prevented user-tools from appearing on admin logout page. 
Backport of 7cc2efc2d6 from master
 2016-01-06 14:00:52 -05:00
Tim Graham 5c1de942ac [1.8.x] Added stub release notes for 1.8.9. 
Backport of 1e57dccb31 from master
 2016-01-05 13:19:50 -05:00
Tim Graham 4fd5f06d1e [1.8.x] Added release date for 1.8.8 release. 
Backport of 24c1713e2e from master
 2016-01-02 08:37:08 -05:00