29779075d7
Added stub release notes for Django 3.2.3.
2021-05-06 10:08:00 +02:00
e1e81aa1c4
Fixed #32713 , Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
...
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
5a43cfe245
Added stub release notes for Django 3.2.2.
2021-05-04 11:01:33 +02:00
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
df0a9e6d5c
Added stub release notes for Django 3.2.1.
2021-04-06 11:49:48 +02:00
d4d800ca1a
Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
...
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
e0f82d7992
Added stub release notes for 3.1.8.
2021-02-25 20:27:10 +01:00
0ad9fa02e0
Refs CVE-2021-23336 -- Updated tests and release notes for affected versions.
2021-02-19 09:03:06 +01:00
8d3c3a5717
Added stub release notes for 3.1.7.
2021-02-01 10:51:16 +01:00
05413afa8c
Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
...
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.
Thanks Wang Baohua for the report.
2021-02-01 09:07:36 +01:00
8774b1144c
Added stub release notes for 4.0.
2021-01-14 17:50:04 +01:00
966ed414b2
Added stub release notes for 3.1.6.
2021-01-04 08:58:03 +01:00
adb40d217e
Added stub release notes for 3.1.5.
2020-12-01 07:12:49 +01:00
c8785b473f
Added stub release notes for 3.1.4.
2020-11-02 09:20:53 +01:00
e18156b6c3
Refs #31040 -- Doc'd Python 3.9 compatibility.
2020-10-13 08:35:01 +02:00
85fa24e3eb
Added stub release notes for 3.1.3.
2020-10-01 07:52:45 +02:00
7a60670b78
Added stub release notes for 3.1.2.
2020-09-01 10:45:12 +02:00
8a5683b6b2
Added stub release notes for 2.2.16 and 3.0.10.
2020-08-11 10:31:44 +02:00
6c19230297
Added stub release notes for 3.1.1.
2020-08-04 10:34:38 +02:00
240cbb63bf
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().
...
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
2020-07-16 08:16:58 +02:00
c2a835703f
Added stub release notes for 3.0.9.
2020-07-01 07:00:43 +02:00
926148ef01
Fixed #31654 -- Fixed cache key validation messages.
2020-06-05 07:21:52 +02:00
7ec2658e1e
Added stub release notes for 3.0.8.
2020-06-03 10:54:29 +02:00
50798d4389
Added stub release notes for 2.2.13.
2020-05-14 06:22:54 +02:00
3b94f12462
Added stub release notes for 3.2.
2020-05-13 09:07:51 +02:00
8e8ff38cb8
Added stub release notes for 3.0.7.
2020-05-04 07:38:35 +02:00
a7e4ff370c
Added stub release notes for 3.0.6.
2020-04-01 10:09:43 +02:00
a4200e958d
Added stub release notes for 2.2.12.
2020-03-10 12:01:01 +01:00
1b3a900a69
Added stub release notes for 3.0.5.
2020-03-04 10:56:07 +01:00
6695d29b1c
Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
...
Thanks to Norbert Szetei for the report.
2020-03-04 09:04:50 +01:00
7e8339748c
Added stub release notes for 2.2.11.
2020-02-10 08:18:58 +01:00
273918c25b
Added stub release notes for 3.0.4.
2020-02-03 10:23:54 +01:00
eb31d84532
Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
2020-02-03 08:49:13 +01:00
69331bb851
Added stub release notes for 3.0.3.
2020-01-02 08:36:08 +01:00
50a69efb2e
Added stub release notes for 3.0.2.
2019-12-18 10:51:57 +01:00
ec12c37384
Refs #31073 -- Added release notes for 02eff7ef60.
2019-12-11 10:07:41 +01:00
908c67e719
Added stub release notes for 3.0.1.
2019-12-02 21:43:59 +01:00
e9def97d10
Added stub release notes for 2.1.15.
2019-11-19 12:33:39 +01:00
30359496a3
Added stub release notes for 2.2.8 release.
2019-11-12 14:37:59 +01:00
84322a29ce
Added stub release notes for 1.11.26 and 2.1.14.
2019-10-02 07:49:47 +02:00
e1c1eaf0c6
Added stub release notes for 2.2.7.
2019-10-01 10:43:30 +02:00
bd7e0f81f8
Added stub release notes for 1.11.25 and 2.1.13.
2019-09-16 07:37:47 +02:00
32796826bb
Added stub release notes for 3.1.
2019-09-10 12:00:56 +02:00
0d4529d314
Added stub release notes for 2.2.6.
2019-09-04 08:02:32 +02:00
1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
...
Regression in 4f5b58f5cd
2019-08-14 15:25:35 +02:00
1af469e67f
Added stub release notes for 2.2.5.
2019-08-02 20:32:21 +02:00
f13147c8de
Added stub release notes for security releases.
2019-07-25 10:49:30 +02:00
08e69cad9c
Added stub release notes for 2.2.4.
2019-07-09 07:39:35 +02:00
30b3ee9d0b
Added stub release notes for security releases.
2019-07-01 06:57:27 +02:00
1f81e2df69
Added stub release notes for 2.2.3.
2019-06-05 06:57:44 +02:00
Mariusz Felisiak
Carlton Gibson
Florian Apolloner
Nick Pope
Simon Charette