623c4916df
[1.6.x] Add release notes and bump version number for security release.
2013-09-15 00:36:03 -06:00
5ecc0f828e
[1.6.x] Ensure that passwords are never long enough for a DoS.
...
* Limit the password length to 4096 bytes
* Password hashers will raise a ValueError
* django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change
Thanks to Josh Wright for the report, and Donald Stufft for the patch.
This is a security fix; disclosure to follow shortly.
Backport of aae5a96d57
2013-09-15 13:46:16 +08:00
4c4954a3c1
[1.6.x] Added tests for double-pickling a QuerySet
...
Refs #21102 .
Backpatch of 74b91b3888
2013-09-14 10:36:48 +03:00
097fb98f81
[1.6.x] Fixed #21101 -- Updated urlize documentation to mention email addresses
...
Backport of 39b49fd339
2013-09-13 12:42:40 -04:00
7a2adec4d0
[1.6.x] Fixed #21100 -- Noted that Create/UpdateViews.fields is new in 1.6
...
Thanks AndrewIngram for the suggestion.
Backport of ec89e1725a
2013-09-13 09:35:22 -04:00
6e17534c89
[1.6.x] Fixed #21094 -- Updated reuseable apps tutorial to use pip for installation.
...
Thanks ylb415 at gmail.com for the suggestion.
Backport of e4aab1bb8d
2013-09-13 09:30:12 -04:00
c91ffd5f23
[1.6.x] Documentation -- added instructions on working with pull requests
...
Since non-core contributors are asked to review patches, instructions
on working with pull requests were added to the Working with Git and
GitHub page (based on the existing instructions in the core
committers page).
Backport of 990ce9aab9
2013-09-13 08:27:23 -04:00
a929adfd3b
[1.6.x] Fixed #21095 -- Documented new requirement for dates lookups.
...
Day, month, and week_day lookups now require time zone definitions in the database.
Backport of 9451d8d
2013-09-13 10:20:13 +02:00
66e6e2d146
[1.6.x] Fixed a couple of typos in GeoDjango docs.
...
8b366a50f4
2013-09-12 19:45:27 -03:00
e8bb41d05c
[1.6.x] Minor typo fix in django.contrib.auth.models.User docs
...
Backport of bd72c2acb6
2013-09-11 19:44:35 -04:00
b05639dcac
[1.6.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.
...
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.
Backport of da843e7dba
2013-09-11 08:18:48 -04:00
4f0ea1aca4
[1.6.x] Documentation -- Improved description of cache arguments
...
- Fixed some grammar and formatting mistakes
- Added the type and default for CULL_FREQUENCY
- Made the note on culling the entire cache more precise. (It's actually
slower on the filesystem backend.)
Backport of 5eca021d48
2013-09-11 07:43:24 -04:00
ed9b7b6295
[1.6.x] Bump version number for 1.6 beta 3 security release.
2013-09-10 20:32:14 -05:00
2f2731e67e
[1.6.x] Added 1.4.7/1.5.3 release notes
...
Backport of baec6a26dd
2013-09-10 21:08:27 -04:00
536cc64240
[1.6.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
...
Thanks Rainer Koirikivi for the report and draft patch.
This is a security fix; disclosure to follow shortly.
Backport of 7fe5b656c9
2013-09-10 21:03:51 -04:00
ef3604a085
[1.6.x] Fixed broken sphinx reference to staticfiles.
...
Backport of 751dc0a36b
2013-09-10 16:31:51 -04:00
f9f792eb04
[1.6.x] Took advantage of django.utils.six.moves.urllib.*.
...
Backport of 6a6428a36
2013-09-10 21:29:31 +02:00
960f5bc759
[1.6.x] Fixed #21075 - Improved doc for calling call_command with arguments.
...
Backport of fca4c4826e
2013-09-10 09:18:14 -04:00
01ad508514
[1.6.x] Fixed spelling; refs #16895 .
...
Thanks Panagiotis Issaris for the report.
Backport of fb51c9a0f2
2013-09-09 11:31:25 -04:00
276e053803
[1.6.x] Fixed #16895 -- Warned about cost of QuerySet ordering
...
Thanks outofculture at gmail.com for the suggestion.
Backport of cbf08c6b0c
2013-09-09 09:49:15 -04:00
e4274e3da1
[1.6.x] Fixed #20707 -- Added explicit quota assignment to Oracle test user
...
To enable testing on Oracle 12c
2013-09-09 14:02:21 +03:00
b085e7c303
[1.6.x] Further hardening. Refs #18766 .
...
Backport of c687bf0
2013-09-08 20:43:33 +02:00
0035a0ce2e
[1.6.x] Hardened the test introduced in ded11aa6. Refs #18766 .
...
Inputs acceptable to time.mktime are platform-dependent.
Backport of 1a1e1478
2013-09-08 19:41:34 +02:00
7c31e195db
[1.6.x] Fixed #18766 -- Pointed to pytz when LocalTimezone fails.
...
Thanks void for the report.
Backport of ded11aa6
2013-09-08 09:17:03 +02:00
c03848b540
[1.6.x] Fixed #21068 -- Added some docs for DiscoverRunner
...
Thanks jcd.
Backport of e4b012feeb
2013-09-07 16:11:03 -04:00
01edcf70f2
Fixed #20409 -- Clarified how unique_for_date works when USE_TZ is set.
2013-09-07 14:09:52 -05:00
be9930d7be
[1.6.x] Fixed deprecation warning on Python 3
...
Backport of b7451b72
2013-09-07 13:15:13 -05:00
63b95ca452
[1.6.x] Fixed 9244447c -- incomplete backport.
...
The test client had been refactored in the mean time. This commit
de-factors the fix. Refs #20530 .
2013-09-07 13:15:13 -05:00
7b8037f3aa
[1.6.x] Fixed #20005 -- Documented that Oracle databases need execute permission on SYS.DBMS_LOB.
...
Thanks jafula for the suggestion.
Backport of a86ecc80a2
2013-09-07 14:01:05 -04:00
17b67e17a3
[1.6.x] Fixed #20938 -- Added cached sessions note to deployment checklist.
...
Thanks mjtamlyn for the suggestion.
Backport of 4e784f337c
2013-09-07 13:08:45 -04:00
7fcd6aa669
[1.6.x] Fixed #20530 -- Properly decoded non-ASCII query strings on Python 3.
...
Thanks mitsuhiko for the report.
Backport of 65b6eff38aaca65
2013-09-07 12:06:38 -05:00
9244447cc4
[1.6.x] Fixed an encoding issue in the test client.
...
Refs #20530 .
Backport of 7bb62793476b0764
2013-09-07 12:06:19 -05:00
a357c854c9
[1.6.x] Fixed #16992 -- Added InnoDB warning regarding reuse of AUTO_INCREMENT values.
...
Thanks kent at nsc.liu.se for the report.
Backport of c54fa1a7bc
2013-09-07 12:16:43 -04:00
fac5735a3d
[1.6.x] Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3.
...
Thanks mitsuhiko for the report.
Non-ASCII values are supported. Non-ASCII keys still aren't, because the
current parser mangles them. That's another bug.
Simplified backport of 8aaca651f5add47
2013-09-07 10:45:24 -05:00
f855058c35
[1.6.x] Fixed #11811 -- Data-loss bug in queryset.update.
...
It's now forbidden to call queryset.update(field=instance) when instance
hasn't been saved to the database ie. instance.pk is None.
Conflicts:
tests/queries/tests.py
Backport of b4cd8169
2013-09-06 21:59:28 -05:00
2a2ac5c140
Merge pull request #1566 from adamsc64/ticket_11857
...
Fixed #11857 -- Added missing 'closed' property on TemporaryFile class.
Backport of 926bc42
2013-09-06 19:44:25 -05:00
6ba01f64c1
[1.6.x] Fixed Python 3 syntax error introduced in [ c72392da]
...
Backport of 498014ccd5
2013-09-06 20:08:56 -04:00
3df9647ad9
[1.6.x] Merge pull request #1582 from rca/12756-missing-yaml-module-serializer-error-message
...
Fixed #12756 : Improved error message when yaml module is missing.
Backport of 4f5faa1916
2013-09-06 19:01:24 -05:00
99952bab30
[1.6.x] Merge pull request #1580 from ianawilson/ticket_16502
...
Fixed #16502 -- Fixed a TemplateDoesNotExist error that should be an ImproperlyConfigured.
Assistance on the patch from #jambronrose.
Backport of 9b2dc12b83
2013-09-06 17:39:16 -05:00
b917458f47
Merge pull request #1579 from ianawilson/ticket_21058
...
[1.6.x] Fixed #21058 -- Fixed debug view blowing up when no template is provided to the template rendering functions.
Assistance on this commit from @jambonrose.
Backport of 122020fdb9
2013-09-06 17:11:07 -05:00
2ab2d0fb25
[1.6.x] Fixed a link in topics/testing/overview.txt
...
Backport of 0c295a7718
2013-09-06 17:41:43 -04:00
92e89452f1
[1.6.x] Fixed #21049 -- Fixed autoreload for Python 3
...
Changed th system module values check to return a list.
In Python 3 it returns a dict_view which could occassionally produce
a runtime error of "dictionary changed size during iteration".
Backport of 559cb826b8
2013-09-06 17:32:08 -04:00
2c73ba88f2
[1.6.x] Fixed #19295 -- Documented that CachedStaticFilesStorage isn't compatible with runserver --insecure.
...
Backport of 028db97503
2013-09-06 17:30:59 -04:00
da44a8bdc2
[1.6.x] Fixed #20646 -- Clarified the use of AbstractBaseUser.REQUIRED_FIELDS
...
Thanks craigbruce.
Backport of db3de52807
2013-09-06 16:06:46 -04:00
544382dd85
[1.6.x] Fixed instructions for running a subset of tests.
...
Backport of cd4068f359
2013-09-06 14:31:43 -04:00
180b9955cc
[1.6.x] Fixed #21035 -- Changed docs to treat the acronym SQL phonetically.
...
The documentation and comments now all use 'an' to
refer to the word SQL and not 'a'.
Backport of 4d13cc56de
2013-09-05 20:16:14 -04:00
9f69ae7847
[1.6.x] Fixed #21047 -- Added CLA mesage on the new contributor advice doc
...
Backport of 93dd31cadf
2013-09-05 17:54:56 -04:00
1dd061ad77
[1.6.x] Fixed #21044 -- Documented django.core.urlresolvers.Resolver404
...
Thanks Keryn Knight for the suggestion.
Backport of eacf060e01
2013-09-05 08:45:58 -04:00
622d5c7650
[1.6.x] Fixed #20900 -- Documented RemoteUserBackend.authenticate
...
Backport of 7b62b80693
2013-09-05 06:32:50 -04:00
77cf0d6519
[1.6.x] Fixed #21041 -- Removed a duplicate form in tests.
...
Thanks tuxcanfly.
Backport of bab039d74c
2013-09-05 06:32:26 -04:00
James Bennett
Russell Keith-Magee
Anssi Kääriäinen
Goetz
Tim Graham
Kevin Christopher Henry
Matt Austin
Ramiro Morales
Phaneendra Chiruvella
Tarjei Husøy
Aymeric Augustin
oz123
e0ne
Садовский Николай
Keith Edmiston
Max Burstein
Eric Boersma
micahhausler