76ed1c49f8
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
7deeabc7c7
Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
...
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
7f65974f82
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
f13147c8de
Added stub release notes for security releases.
2019-07-25 10:49:30 +02:00
fc75694257
Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
2019-07-24 14:08:37 +02:00
2ff517ccb6
Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
2019-07-23 10:03:23 +02:00
7991111af1
Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
...
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson the review.
Regression in 6b048b364c
2019-07-10 10:33:36 +02:00
ee6e93ec87
Fixed #30628 -- Adjusted expression identity to differentiate bound fields.
...
Expressions referring to different bound fields should not be
considered equal.
Thanks Julien Enselme for the detailed report.
Regression in bc7e288ca9
2019-07-10 07:46:08 +02:00
08e69cad9c
Added stub release notes for 2.2.4.
2019-07-09 07:39:35 +02:00
Florian Apolloner
Mariusz Felisiak
Carlton Gibson
Tom Forbes
Simon Charette