97dfc30f5b
[1.8.x] Fixed #28802 -- Fixed typo in docs/topics/auth/default.txt.
...
Backport of d392fc293c
2017-11-16 10:39:59 -05:00
5e5c056e0e
[1.8.x] Added 2017-12794 to the security release archive.
...
Backport of 79ae5811c7
2017-09-05 12:33:47 -04:00
16dfaa5f94
[1.8.x] Removed redundant backticks in docs/releases/1.8.txt
...
Backport of 8d095c6378
2017-08-21 12:15:29 +02:00
0b9f366c60
[1.8.x] Added CVE-2017-7233,4 to the security release archive.
...
Backport of b749c980a0
2017-04-04 21:53:50 -04:00
8339277518
[1.8.x] Fixed #27912 , CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
...
This is a security fix.
2017-03-28 12:57:34 -04:00
4a6b945dff
[1.8.x] Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve().
...
This is a security fix.
2017-03-28 12:57:34 -04:00
081c263dff
[1.8.x] Added stub release notes for security release.
2017-03-28 12:57:33 -04:00
b2fff69aa6
[1.8.x] Added release date for 1.8.17.
...
Backport of 9ea9686532
2016-12-01 17:16:55 -05:00
32f50999cd
[1.8.x] Fixed #27420 -- Quoted the Oracle test user password in queries.
...
Backport of c4b04e1598
2016-11-08 16:45:12 -05:00
90c61538ba
[1.8.x] Added CVE-2016-9013,14 to the security release archive.
...
Backport of b8ae2c16cf
2016-11-01 10:48:58 -04:00
c401ae9a7d
[1.8.x] Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.
...
This is a security fix.
2016-10-25 15:27:45 -04:00
70f9995296
[1.8.x] Fixed CVE-2016-9013 -- Generated a random database user password when running tests on Oracle.
...
This is a security fix.
2016-10-25 14:24:11 -04:00
33bf6220e2
[1.8.x] Added stub release notes for 1.8.16.
2016-10-25 13:56:26 -04:00
6e24eeef60
[1.8.x] Fixed 27283 -- Fixed typo in 1.8 release notes.
...
Backport of 3203171832
2016-09-28 06:51:42 -04:00
d5430a5ff9
[1.8.x] Added CVE-2016-7401 to the security release archive.
...
Backport of 6fe846a8f0
2016-09-26 18:30:31 -04:00
47f5d799b2
[1.8.x] Added a CVE role for Sphinx.
...
Backport of a46742e738
2016-09-26 18:30:16 -04:00
6118ab7d06
[1.8.x] Fixed CVE-2016-7401 -- Fixed CSRF protection bypass on a site with Google Analytics.
...
This is a security fix.
Backport of "refs #26158 -- rewrote http.parse_cookie() to better match
browsers." 93a135d111
2016-09-14 13:42:24 -04:00
717aa88439
[1.8.x] Fixed #26807 -- Documented how to replicate SubfieldBase's assignment behavior.
...
Backport of 518eaf1fa2
2016-08-18 21:09:12 -04:00
2deed2ea08
[1.8.x] Added CVE-2016-6186 to the security release archive.
...
Backport of bc53af13cb
2016-07-18 15:20:55 -04:00
f68e5a9916
[1.8.x] Fixed XSS in admin's add/change related popup.
...
This is a security fix.
2016-07-18 13:45:11 -04:00
8edfdddbc8
[1.8.x] Fixed #26889 -- Fixed missing PostgreSQL index in SchemaEditor.add_field().
...
Backport of 2e4cfcd2b9
2016-07-13 22:15:43 -04:00
0f12924eb5
[1.8.x] Updated release notes links to prevent warnings with Sphinx 1.4.2.
...
Backport of 149ace94df
2016-06-02 11:50:26 -04:00
3b2b51712b
[1.8.x] Added release date for 1.8.13.
2016-05-02 18:17:09 -04:00
052e1f17ca
[1.8.x] Fixed #26557 -- Converted empty strings to None when saving GenericIPAddressField.
...
Backport of 4681d65048
2016-04-29 10:17:00 -04:00
0a411b2224
[1.8.x] Fixed #26498 -- Fixed TimeField microseconds round-tripping on MySQL and SQLite.
...
Thanks adamchainz for the report and review.
Backport of d3c87a2425
2016-04-18 09:49:31 -04:00
a61b26a651
[1.8.x] Added stub release notes for 1.8.13.
...
Backport of ad3c72118f
2016-04-13 13:22:08 -04:00
539302ee9a
[1.8.x] Added release date for 1.8.12.
...
Backport of 93539ba2f4
2016-04-01 13:30:53 -04:00
0496838e61
[1.8.x] Fixed #26387 -- Restored the functionality of the admin's raw_id_fields in list_editable.
...
Backport of acfaec3db5
2016-03-25 14:57:12 -04:00
c7764ca3a0
[1.8.x] Fixed #26324 -- Fixed DurationField with fractional seconds on SQLite.
...
Backport of 4f0cd0fd16
2016-03-10 19:16:31 -05:00
a5e9ae9ad5
[1.8.x] Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string.
...
Backport of 4b129ac81f
2016-03-07 13:22:38 -05:00
6d312f95f3
[1.8.x] Added stub release notes for 1.8.12.
...
Backport of c960af4adb
2016-03-05 10:02:12 -05:00
beb392b85e
[1.8.x] Added safety to URL decoding in is_safe_url() on Python 2
...
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218ada7a4aef552f03869e
2016-03-04 23:39:46 +01:00
28bed24f55
[1.8.x] Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
...
This fixes a regression introduced by c5544d2892ada7a4aef
2016-03-04 21:16:51 +01:00
f294b3833b
[1.8.x] Added stub release notes for 1.8.11.
...
Backport of 2f0c785a4c
2016-03-04 09:48:11 -05:00
e4be3c80a1
[1.8.x] Fixed #26309 -- Documented that login URL settings no longer support dotted paths.
...
Backport of 2404d209a5
2016-03-03 07:49:06 -05:00
6a9bb1447c
[1.8.x] Fixed typo in 1.8.10 release date.
...
Backport of 5155c2b458
2016-03-02 07:10:21 -05:00
640c99e8b3
[1.8.x] Added CVE-2016-2512/2513 to security release archive.
...
Backport of 24fc935218
2016-03-01 12:36:20 -05:00
f4e6e02f77
[1.8.x] Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-02-29 08:07:17 -05:00
382ab13731
[1.8.x] Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
...
This is a security fix.
2016-02-29 08:07:17 -05:00
922f228695
[1.8.x] Added stub release notes for security issues.
2016-02-29 08:07:17 -05:00
4701c81df3
[1.8.x] Fixed #26286 -- Prevented content type managers from sharing their cache.
...
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.
Thanks Tim for the review.
Refs #23822 .
Backport of 3938b3ccaa
2016-02-26 16:24:28 -05:00
6c48edae76
[1.8.x] Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets.
...
Backport of b412681359
2016-02-24 07:09:08 -05:00
0f667a580a
[1.8.x] Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.
...
Thanks Shai Berger for the review.
Backport of b1afebf882
2016-02-18 19:56:36 -05:00
5bce665974
[1.8.x] Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values
...
Also added tests for HStoreField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
Backport of 928c12eb1
2016-02-16 21:14:24 +01:00
180d4cbfe6
[1.8.x] Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable.
...
Backport of b59f963ad2
2016-02-15 11:52:14 -05:00
edff550392
[1.8.x] Fixed #26162 -- Checked query name clashes of hidden relationships.
...
Although reverse accessor clashes should be skipped query name can't be hidden.
Thanks to Ian Foote and Tim Graham for the review.
Backport of a325fb1f9b
2016-02-08 10:42:31 -05:00
2f0de9b0a1
[1.8.x] Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False.
...
Backport of 97eb3356b2
2016-02-08 07:45:10 -05:00
b650623882
[1.8.x] Added stub release notes for 1.8.10.
...
Backport of d6337e65ed
2016-02-06 09:25:02 -05:00
c247753083
[1.8.x] Fix typos in 1.8 release notes.
...
Backport of a0ce4c09ff
2016-02-03 15:27:40 -05:00
ea2d9f0d4a
[1.8.x] Refs #26089 -- Removed obsolete docs about custom user model testing.
...
Backport of 1e9150443e
2016-02-02 08:55:37 -05:00
Tim Graham
Berker Peksag
Mariusz Felisiak
Marti Raudsepp
Alasdair Nicol
Collin Anderson
Jon Dufresne
Joshua Phillips
Lukasz Wiecek
John-Mark Bell
Claude Paroz
Dmitry Dygalo
Florian Apolloner
Mark Striemer
Simon Charette
Carl Meyer