p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
django/docs/releases
History
Mariusz Felisiak 224b8e5a5a [3.2.x] Fixed #32718 -- Relaxed file name validation in FileField. 
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
Backport of b55699968f from main
 		2021-05-13 08:55:00 +02:00
..
0.95.txt Prevented (and corrected) single backtick usage in docs. 2020-04-01 14:55:11 +02:00
0.96.txt Fixed spelling of "nonexistent". 2017-02-03 08:01:45 -05:00
1.0-porting-guide.txt Refs #30573 -- Rephrased "Of Course" and "Obvious(ly)" in documentation and comments. 2020-05-04 12:10:47 +02:00
1.0.1.txt
1.0.2.txt
1.0.txt Refs #25778 -- Updated some links to HTTPS and new locations. 2020-01-29 09:34:37 +01:00
1.1.2.txt
1.1.3.txt Refs #31670 -- Removed whitelist/blacklist terminology in docs and comments. 2020-06-17 13:15:56 +02:00
1.1.4.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.1.txt Removed extra characters in docs header underlines. 2019-02-08 21:38:30 +01:00
1.2.1.txt Used 🎫 role in all tickets links. 2019-11-26 14:02:24 +01:00
1.2.2.txt
1.2.3.txt
1.2.4.txt Refs #31670 -- Removed whitelist/blacklist terminology in docs and comments. 2020-06-17 13:15:56 +02:00
1.2.5.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.2.6.txt
1.2.7.txt
1.2.txt Used :envvar: role and .. envvar:: directive in various docs. 2020-05-13 09:14:40 +02:00
1.3.1.txt
1.3.2.txt
1.3.3.txt
1.3.4.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.3.5.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.3.6.txt Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
1.3.7.txt
1.3.txt Fixed #31696 -- Updated OWASP links in docs. 2020-06-15 09:44:08 +02:00
1.4.1.txt
1.4.2.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.4.3.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.4.4.txt Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
1.4.5.txt
1.4.6.txt Refs #17209 -- Removed login/logout and password reset/change function-based views. 2017-09-22 12:51:17 -04:00
1.4.7.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.4.8.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.4.9.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.4.10.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.4.11.txt Refs #23919 -- Removed Python 2 notes in docs. 2017-01-18 11:51:29 -05:00
1.4.12.txt Fixed #26013 -- Moved django.core.urlresolvers to django.urls. 2015-12-31 14:21:29 -05:00
1.4.13.txt Prevented (and corrected) single backtick usage in docs. 2020-04-01 14:55:11 +02:00
1.4.14.txt Fixed #26013 -- Moved django.core.urlresolvers to django.urls. 2015-12-31 14:21:29 -05:00
1.4.15.txt
1.4.16.txt
1.4.17.txt Refs #23919 -- Removed Python 2 notes in docs. 2017-01-18 11:51:29 -05:00
1.4.18.txt Prevented (and corrected) single backtick usage in docs. 2020-04-01 14:55:11 +02:00
1.4.19.txt Fixed #25778 -- Updated docs links to use https when available. 2015-12-01 08:01:34 -05:00
1.4.20.txt Refs #17209 -- Removed login/logout and password reset/change function-based views. 2017-09-22 12:51:17 -04:00
1.4.21.txt
1.4.22.txt Refs #17209 -- Removed login/logout and password reset/change function-based views. 2017-09-22 12:51:17 -04:00
1.4.txt Used :envvar: role and .. envvar:: directive in various docs. 2020-05-13 09:14:40 +02:00
1.5.1.txt [3.2.x] Added documentation extlink for bugs.python.org. 2021-02-17 14:25:54 +01:00
1.5.2.txt Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
1.5.3.txt Changed docs and a code comment to use gender-neutral pronouns. 2020-11-13 22:26:30 +01:00
1.5.4.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.5.5.txt Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
1.5.6.txt Refs #23919 -- Removed Python 2 notes in docs. 2017-01-18 11:51:29 -05:00
1.5.7.txt Fixed #26013 -- Moved django.core.urlresolvers to django.urls. 2015-12-31 14:21:29 -05:00
1.5.8.txt Prevented (and corrected) single backtick usage in docs. 2020-04-01 14:55:11 +02:00
1.5.9.txt Fixed #26013 -- Moved django.core.urlresolvers to django.urls. 2015-12-31 14:21:29 -05:00
1.5.10.txt
1.5.11.txt
1.5.12.txt
1.5.txt Used :mimetype: role in various docs. 2020-05-13 09:14:04 +02:00
1.6.1.txt Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
1.6.2.txt Refs #23919 -- Removed Python 2 notes in docs. 2017-01-18 11:51:29 -05:00
1.6.3.txt Refs #23919 -- Removed Python 2 notes in docs. 2017-01-18 11:51:29 -05:00
1.6.4.txt Fixed #26013 -- Moved django.core.urlresolvers to django.urls. 2015-12-31 14:21:29 -05:00
1.6.5.txt Prevented (and corrected) single backtick usage in docs. 2020-04-01 14:55:11 +02:00
1.6.6.txt Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
1.6.7.txt
1.6.8.txt
1.6.9.txt Refs #23919 -- Removed Python 2 notes in docs. 2017-01-18 11:51:29 -05:00
1.6.10.txt Prevented (and corrected) single backtick usage in docs. 2020-04-01 14:55:11 +02:00
1.6.11.txt [3.2.x] Added documentation extlink for bugs.python.org. 2021-02-17 14:25:54 +01:00
1.6.txt [3.2.x] Fixed typos in assertQuerysetEqual() docs and 1.6 release notes. 2021-02-26 09:11:57 +01:00
1.7.1.txt Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
1.7.2.txt Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
1.7.3.txt Prevented (and corrected) single backtick usage in docs. 2020-04-01 14:55:11 +02:00
1.7.4.txt
1.7.5.txt
1.7.6.txt
1.7.7.txt [3.2.x] Added documentation extlink for bugs.python.org. 2021-02-17 14:25:54 +01:00
1.7.8.txt
1.7.9.txt
1.7.10.txt Refs #17209 -- Removed login/logout and password reset/change function-based views. 2017-09-22 12:51:17 -04:00
1.7.11.txt Added release date for 1.8.7/1.7.11 releases. 2015-11-24 11:20:29 -05:00
1.7.txt Added backticks to code literals in various docs. 2020-12-15 07:19:00 +01:00
1.8.1.txt Fixed #31534 -- Deprecated django.conf.urls.url(). 2020-05-05 07:34:34 +02:00
1.8.2.txt
1.8.3.txt Prevented (and corrected) single backtick usage in docs. 2020-04-01 14:55:11 +02:00
1.8.4.txt Refs #17209 -- Removed login/logout and password reset/change function-based views. 2017-09-22 12:51:17 -04:00
1.8.5.txt Added release date for 1.8.5. 2015-10-03 19:31:45 -04:00
1.8.6.txt Prevented (and corrected) single backtick usage in docs. 2020-04-01 14:55:11 +02:00
1.8.7.txt Refs #23919 -- Removed Python 2 notes in docs. 2017-01-18 11:51:29 -05:00
1.8.8.txt Added release date for 1.9.1/1.8.8 releases. 2016-01-02 08:35:54 -05:00
1.8.9.txt Added release dates for 1.9.2 and 1.8.9. 2016-02-01 12:02:16 -05:00
1.8.10.txt Refs #17209 -- Removed login/logout and password reset/change function-based views. 2017-09-22 12:51:17 -04:00
1.8.11.txt Added safety to URL decoding in is_safe_url() on Python 2 2016-03-04 23:33:35 +01:00
1.8.12.txt Added release date for 1.9.5 and 1.8.12. 2016-04-01 13:29:43 -04:00
1.8.13.txt Added release date for 1.9.6/1.8.13. 2016-05-02 18:16:36 -04:00
1.8.14.txt Fixed XSS in admin's add/change related popup. 2016-07-18 11:17:01 -04:00
1.8.15.txt Added release notes for 1.9.10 and 1.8.15 releases. 2016-09-26 13:55:21 -04:00
1.8.16.txt Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
1.8.17.txt Added release dates for 1.10.4, 1.9.12, 1.8.17. 2016-12-01 17:15:04 -05:00
1.8.18.txt Refs #17209 -- Removed login/logout and password reset/change function-based views. 2017-09-22 12:51:17 -04:00
1.8.19.txt Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator. 2018-03-06 08:30:40 -05:00
1.8.txt Used :pep: role in various docs. 2020-05-13 09:14:04 +02:00
1.9.1.txt Fixed typo in docs/releases/1.9.1.txt. 2016-03-04 14:16:56 -05:00
1.9.2.txt Added release dates for 1.9.2 and 1.8.9. 2016-02-01 12:02:16 -05:00
1.9.3.txt Refs #17209 -- Removed login/logout and password reset/change function-based views. 2017-09-22 12:51:17 -04:00
1.9.4.txt Added safety to URL decoding in is_safe_url() on Python 2 2016-03-04 23:33:35 +01:00
1.9.5.txt Added release date for 1.9.5 and 1.8.12. 2016-04-01 13:29:43 -04:00
1.9.6.txt Added release date for 1.9.6/1.8.13. 2016-05-02 18:16:36 -04:00
1.9.7.txt Added release date for 1.9.7. 2016-06-04 19:24:51 -04:00
1.9.8.txt Fixed XSS in admin's add/change related popup. 2016-07-18 11:17:01 -04:00
1.9.9.txt Added release dates for 1.10 and 1.9.9 2016-08-01 13:55:08 -04:00
1.9.10.txt Added release notes for 1.9.10 and 1.8.15 releases. 2016-09-26 13:55:21 -04:00
1.9.11.txt Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
1.9.12.txt Added release dates for 1.10.4, 1.9.12, 1.8.17. 2016-12-01 17:15:04 -05:00
1.9.13.txt Refs #17209 -- Removed login/logout and password reset/change function-based views. 2017-09-22 12:51:17 -04:00
1.9.txt Preferred usage of among/while to amongst/whilst. 2020-06-03 21:02:48 +02:00
1.10.1.txt Added release date for 1.10.1. 2016-09-01 16:24:46 -04:00
1.10.2.txt Fixed #27302 -- Fixed ModelAdmin.construct_change_message() changed field detection 2016-10-01 20:14:27 +02:00
1.10.3.txt Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
1.10.4.txt Added release dates for 1.10.4, 1.9.12, 1.8.17. 2016-12-01 17:15:04 -05:00
1.10.5.txt Added release date for 1.10.5. 2017-01-04 13:20:01 -05:00
1.10.6.txt Fixed typo in docs/releases/1.10.6.txt. 2017-03-01 10:11:32 -05:00
1.10.7.txt Refs #17209 -- Removed login/logout and password reset/change function-based views. 2017-09-22 12:51:17 -04:00
1.10.8.txt Fixed CVE-2017-12794 -- Fixed XSS possibility in traceback section of technical 500 debug page. 2017-09-05 10:58:38 -04:00
1.10.txt [3.2.x] Updated links to DEPs. 2021-02-25 17:27:32 +01:00
1.11.1.txt Corrected docs spelling of PgBouncer. 2020-04-01 14:55:11 +02:00
1.11.2.txt Added release date for 1.11.2. 2017-06-01 11:09:51 -04:00
1.11.3.txt Added release date for 1.11.3. 2017-07-01 19:13:35 -04:00
1.11.4.txt Added release date for 1.11.4. 2017-08-01 08:08:18 -04:00
1.11.5.txt Fixed CVE-2017-12794 -- Fixed XSS possibility in traceback section of technical 500 debug page. 2017-09-05 10:58:38 -04:00
1.11.6.txt Added release date for 1.11.6. 2017-10-05 14:13:32 -04:00
1.11.7.txt Added release date for 1.11.7. 2017-11-01 21:11:38 -04:00
1.11.8.txt Added release dates for 2.0 and 1.11.8. 2017-12-02 08:55:33 -05:00
1.11.9.txt Added release date for 2.0.1 and 1.11.9. 2018-01-01 19:34:34 -05:00
1.11.10.txt Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm. 2018-02-01 09:05:14 -05:00
1.11.11.txt Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator. 2018-03-06 08:30:40 -05:00
1.11.12.txt Added release date for 2.0.4 and 1.11.12. 2018-04-02 21:36:23 -04:00
1.11.13.txt Added release date for 2.0.5 and 1.11.13. 2018-05-01 21:18:44 -04:00
1.11.14.txt Added release date for 1.11.14. 2018-07-02 10:12:20 +02:00
1.11.15.txt Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. 2018-08-01 09:28:42 -04:00
1.11.16.txt Added release date for 1.11.16. 2018-10-01 09:34:57 +02:00
1.11.17.txt Added release date for 1.11.17. 2018-12-03 15:14:58 +01:00
1.11.18.txt Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page. 2019-01-03 21:21:55 -05:00
1.11.19.txt Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes. 2019-06-21 07:07:23 +02:00
1.11.20.txt Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases. 2019-02-11 15:46:33 +01:00
1.11.21.txt Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes. 2019-06-03 14:08:51 +02:00
1.11.22.txt Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 2019-07-01 07:48:04 +02:00
1.11.23.txt Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri(). 2019-08-01 09:24:54 +02:00
1.11.24.txt Added release dates for 2.2.5, 2.1.12, and 1.11.24. 2019-09-02 07:43:51 +02:00
1.11.25.txt Added release dates for 2.2.6, 2.1.13, and 1.11.25. 2019-10-01 08:49:15 +02:00
1.11.26.txt Added release dates for 2.2.7, 2.1.14, and 1.11.26. 2019-11-04 08:20:22 +01:00
1.11.27.txt Fixed CVE-2019-19844 -- Used verified user email for password reset requests. 2019-12-18 09:11:39 +01:00
1.11.28.txt Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter. 2020-02-03 08:49:13 +01:00
1.11.29.txt Fixed typo in docs/releases/1.11.29.txt. 2020-03-04 10:46:43 +01:00
1.11.txt Fixed #28009 -- Doc'd empty_value for CharField subclasses. 2020-09-25 12:36:33 +02:00
2.0.1.txt Added release date for 2.0.1 and 1.11.9. 2018-01-01 19:34:34 -05:00
2.0.2.txt Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm. 2018-02-01 09:05:14 -05:00
2.0.3.txt Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator. 2018-03-06 08:30:40 -05:00
2.0.4.txt Prevented (and corrected) single backtick usage in docs. 2020-04-01 14:55:11 +02:00
2.0.5.txt Fixed typo in docs/releases/2.0.5.txt. 2018-08-21 09:48:14 -04:00
2.0.6.txt Fixed #28462 -- Decreased memory usage with ModelAdmin.list_editable. 2018-06-01 10:41:05 -04:00
2.0.7.txt Forwardported 2.0.7 release note. 2018-06-28 11:07:37 -04:00
2.0.8.txt Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. 2018-08-01 09:28:42 -04:00
2.0.9.txt Added release date for 2.0.9 release. 2018-10-01 09:55:56 +02:00
2.0.10.txt Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page. 2019-01-03 21:21:55 -05:00
2.0.11.txt Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes. 2019-06-21 07:07:23 +02:00
2.0.12.txt Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases. 2019-02-11 15:46:33 +01:00
2.0.13.txt Refs #30177 -- Forwardported 2.0.13 release notes. 2019-02-11 15:45:04 -05:00
2.0.txt Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
2.1.1.txt Added release date for 2.1.1. 2018-08-31 10:12:51 +02:00
2.1.2.txt Added release date for 2.1.2 release. 2018-10-01 10:10:48 +02:00
2.1.3.txt Added release date for 2.1.2 release. 2018-11-01 15:02:22 +01:00
2.1.4.txt Added release date for 2.1.4. 2018-12-03 17:29:46 +01:00
2.1.5.txt Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page. 2019-01-03 21:21:55 -05:00
2.1.6.txt Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes. 2019-06-21 07:07:23 +02:00
2.1.7.txt Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases. 2019-02-11 15:46:33 +01:00
2.1.8.txt Fixed #30289 -- Prevented admin inlines for a ManyToManyField's implicit through model from being editable if the user only has the view permission. 2019-03-30 16:49:16 -04:00
2.1.9.txt Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes. 2019-06-03 14:08:51 +02:00
2.1.10.txt Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 2019-07-01 07:48:04 +02:00
2.1.11.txt Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri(). 2019-08-01 09:24:54 +02:00
2.1.12.txt Added release dates for 2.2.5, 2.1.12, and 1.11.24. 2019-09-02 07:43:51 +02:00
2.1.13.txt Added release dates for 2.2.6, 2.1.13, and 1.11.25. 2019-10-01 08:49:15 +02:00
2.1.14.txt Added release dates for 2.2.7, 2.1.14, and 1.11.26. 2019-11-04 08:20:22 +01:00
2.1.15.txt Preferred usage of among/while to amongst/whilst. 2020-06-03 21:02:48 +02:00
2.1.txt Fixed a/an typos in "SQL" usage. 2020-05-06 06:35:26 +02:00
2.2.1.txt Used :envvar: role and .. envvar:: directive in various docs. 2020-05-13 09:14:40 +02:00
2.2.2.txt Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes. 2019-06-03 14:08:51 +02:00
2.2.3.txt Added release date for 2.2.3. 2019-07-01 07:48:45 +02:00
2.2.4.txt Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri(). 2019-08-01 09:24:54 +02:00
2.2.5.txt Added release dates for 2.2.5, 2.1.12, and 1.11.24. 2019-09-02 07:43:51 +02:00
2.2.6.txt Added release dates for 2.2.6, 2.1.13, and 1.11.25. 2019-10-01 08:49:15 +02:00
2.2.7.txt Added release dates for 2.2.7, 2.1.14, and 1.11.26. 2019-11-04 08:20:22 +01:00
2.2.8.txt Preferred usage of among/while to amongst/whilst. 2020-06-03 21:02:48 +02:00
2.2.9.txt Fixed CVE-2019-19844 -- Used verified user email for password reset requests. 2019-12-18 09:11:39 +01:00
2.2.10.txt Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter. 2020-02-03 08:49:13 +01:00
2.2.11.txt Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle. 2020-03-04 09:04:50 +01:00
2.2.12.txt Added release dates for 2.1.12 and 3.0.5. 2020-04-01 09:14:56 +02:00
2.2.13.txt Fixed CVE-2020-13254 -- Enforced cache key validation in memcached backends. 2020-06-03 09:24:26 +02:00
2.2.14.txt Added release date for 2.2.14 and 3.0.8. 2020-07-01 06:16:32 +02:00
2.2.15.txt Added release date for 2.2.15 and 3.0.9. 2020-08-03 08:52:28 +02:00
2.2.16.txt Added release date for 3.1.1, 3.0.10, and 2.2.16. 2020-09-01 09:56:42 +02:00
2.2.17.txt Set release date for 3.1.3, 3.0.11, and 2.2.17. 2020-11-02 08:35:24 +01:00
2.2.18.txt [3.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). 2021-02-01 09:13:37 +01:00
2.2.19.txt [3.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.parse_qsl(). 2021-02-19 09:15:09 +01:00
2.2.20.txt [3.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. 2021-04-06 08:24:01 +02:00
2.2.21.txt [3.2.x] Refs #32718 -- Corrected CVE-2021-31542 release notes. 2021-05-12 10:42:32 +02:00
2.2.22.txt [3.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. 2021-05-06 08:48:22 +02:00
2.2.23.txt [3.2.x] Fixed #32718 -- Relaxed file name validation in FileField. 2021-05-13 08:55:00 +02:00
2.2.txt Refs #31040 -- Doc'd Python 3.9 compatibility. 2020-10-13 08:35:01 +02:00
3.0.1.txt Used :envvar: role and .. envvar:: directive in various docs. 2020-05-13 09:14:40 +02:00
3.0.2.txt Added release date for 3.0.2. 2020-01-02 07:55:53 +01:00
3.0.3.txt Added release date for 3.0.3. 2020-02-03 08:52:16 +01:00
3.0.4.txt Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle. 2020-03-04 09:04:50 +01:00
3.0.5.txt Added release dates for 2.1.12 and 3.0.5. 2020-04-01 09:14:56 +02:00
3.0.6.txt Fixed typo in docs/releases/3.0.6.txt. 2020-05-04 07:42:25 +02:00
3.0.7.txt Fixed CVE-2020-13254 -- Enforced cache key validation in memcached backends. 2020-06-03 09:24:26 +02:00
3.0.8.txt Added release date for 2.2.14 and 3.0.8. 2020-07-01 06:16:32 +02:00
3.0.9.txt Added release date for 2.2.15 and 3.0.9. 2020-08-03 08:52:28 +02:00
3.0.10.txt Added release date for 3.1.1, 3.0.10, and 2.2.16. 2020-09-01 09:56:42 +02:00
3.0.11.txt Set release date for 3.1.3, 3.0.11, and 2.2.17. 2020-11-02 08:35:24 +01:00
3.0.12.txt [3.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). 2021-02-01 09:13:37 +01:00
3.0.13.txt [3.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.parse_qsl(). 2021-02-19 09:15:09 +01:00
3.0.14.txt [3.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. 2021-04-06 08:24:01 +02:00
3.0.txt Refs #31040 -- Doc'd Python 3.9 compatibility. 2020-10-13 08:35:01 +02:00
3.1.1.txt Refs #31956 -- Doc'd consequences of disabling psycopg2's JSONB typecaster. 2020-09-10 11:00:13 +02:00
3.1.2.txt Added release date for 3.1.2. 2020-10-01 07:22:28 +02:00
3.1.3.txt Set release date for 3.1.3, 3.0.11, and 2.2.17. 2020-11-02 08:35:24 +01:00
3.1.4.txt Added release date for 3.1.4. 2020-12-01 06:24:16 +01:00
3.1.5.txt Added release date for 3.1.5. 2021-01-04 08:31:51 +01:00
3.1.6.txt [3.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). 2021-02-01 09:13:37 +01:00
3.1.7.txt [3.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.parse_qsl(). 2021-02-19 09:15:09 +01:00
3.1.8.txt [3.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. 2021-04-06 08:24:01 +02:00
3.1.9.txt [3.2.x] Refs #32718 -- Corrected CVE-2021-31542 release notes. 2021-05-12 10:42:32 +02:00
3.1.10.txt [3.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. 2021-05-06 08:48:22 +02:00
3.1.11.txt [3.2.x] Fixed #32718 -- Relaxed file name validation in FileField. 2021-05-13 08:55:00 +02:00
3.1.txt [3.2.x] Fixed #32348, Refs #29087 -- Corrected tutorial for updated deleting inlines UI. 2021-01-27 08:47:27 +01:00
3.2.1.txt [3.2.x] Refs #32718 -- Corrected CVE-2021-31542 release notes. 2021-05-12 10:42:32 +02:00
3.2.2.txt [3.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. 2021-05-06 08:48:22 +02:00
3.2.3.txt [3.2.x] Fixed #32718 -- Relaxed file name validation in FileField. 2021-05-13 08:55:00 +02:00
3.2.txt [3.2.x] Refs #32674 -- Noted that auto-created through table PKs cannot be automatically migrated. 2021-04-29 15:14:15 +02:00
index.txt [3.2.x] Fixed #32718 -- Relaxed file name validation in FileField. 2021-05-13 08:55:00 +02:00
security.txt [3.2.x] Added CVE-2021-32052 to security archive. 2021-05-06 10:03:45 +02:00