968b9af9b7
[2.1.x] Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
...
Regression in 4f5b58f5cd1f8382d34d
2019-08-14 15:37:01 +02:00
46c2856543
[2.1.x] Added CVE-2019-14235 to security release archive.
...
Backport of a5652eb795
2019-08-01 12:06:02 +02:00
8403afd843
[2.1.x] Added CVE-2019-14234 to security release archive.
...
Backport of 3a6a2f5eaf
2019-08-01 12:05:56 +02:00
8ffd075373
[2.1.x] Added CVE-2019-14233 to security release archive.
...
Backport of 9600f63885
2019-08-01 12:05:49 +02:00
dbecd71e43
[2.1.x] Added CVE-2019-14232 to the security release archive.
...
Backport of 87750787d1
2019-08-01 12:05:42 +02:00
d974492c31
[2.1.x] Post-release version bump.
2019-08-01 10:53:28 +02:00
ff9dcc0867
[2.1.x] Bumped version for 2.1.11 release.
2019-08-01 10:48:48 +02:00
5d50a2e5fa
[2.1.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-07-31 12:43:32 +02:00
f74b3ae362
[2.1.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
...
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-07-31 12:43:32 +02:00
5ff8e79114
[2.1.X] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-07-29 11:12:53 +02:00
c23723a155
[2.1.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-07-29 11:09:18 +02:00
24eba901eb
[2.1.x] Added stub release notes for security releases.
...
Backport of f13147c8de
2019-07-25 10:54:51 +02:00
765dac3d76
[2.1.x] Added CVE-2019-12781 to the security release archive.
...
Backport of 868cd56f05
2019-07-01 10:21:48 +02:00
fafde97fd7
[2.1.x] Post-release version bump.
2019-07-01 08:37:24 +02:00
90a1cfd600
[2.1.x] Bumped version for 2.1.10 release.
2019-07-01 08:27:38 +02:00
1e40f427bb
[2.1.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
Backport of 54d0f5e62f
2019-07-01 08:24:47 +02:00
87be9c9626
[2.1.x] Added stub release notes for security releases.
...
Backport of 30b3ee9d0b
2019-07-01 07:04:03 +02:00
757c226fd6
[2.1.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
...
Backport of 4305fbe8b1
2019-06-30 20:17:44 +02:00
20968e3eae
[2.1.x] Bumped minimum ESLint version to 4.18.2.
...
Backport of ad7b438002
2019-06-21 18:04:44 +02:00
d58f8e4235
[2.1.x] Added CVE-2019-12308 to the security release archive.
...
Backport of 21b1d23912
2019-06-03 21:46:58 +02:00
8827e09944
[2.1.x] Added CVE-2019-11358 to the security release archive.
...
Backport of 8fb0ea5583
2019-06-03 21:46:54 +02:00
73158f19f1
[2.1.x] Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes.
...
Backport of 100ec901ae
2019-06-03 14:12:40 +02:00
eecf5a1474
[2.1.x] Post-release version bump.
2019-06-03 12:00:09 +02:00
60ebd195c9
[2.1.x] Bumped version for 2.1.9 release.
2019-06-03 11:55:22 +02:00
95649bc085
[2.1.x] Applied jQuery patch for CVE-2019-11358.
...
Backport of 34ec52269a
2019-06-03 11:39:15 +02:00
09186a13d9
[2.1.x] Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link.
...
Backport of deeba6d920
2019-06-03 11:37:57 +02:00
f6e2b556e0
[2.1.x] Added stub release notes for security releases.
...
Backport of 98c0fe19ee
2019-06-03 10:51:40 +02:00
fb2b4253f9
[2.1.x] Refs #27807 -- Removed docs for User.username_validator.
...
The new override functionality claimed in refs #21379 doesn't work.
Forwardport of 714fdbaa70
2019-04-07 20:03:54 -04:00
0a8617a5b1
[2.1.x] Refs #30331 -- Doc'd that psycopg2 < 2.8 is required.
2019-04-05 12:06:04 +02:00
32561b84f7
[2.1.x] Post-release version bump.
2019-04-01 11:20:12 +02:00
e49b2ae361
[2.1.x] Bumped version for 2.1.8 release.
2019-04-01 11:08:23 +02:00
aafdf62921
[2.1.x] Fixed #30289 -- Prevented admin inlines for a ManyToManyField's implicit through model from being editable if the user only has the view permission.
...
Backport of 8335d59200
2019-03-30 17:56:50 -04:00
6bfad83c2a
[2.1.x] Added stub 2.1.8 release notes.
...
Backport of e245046bb6
2019-03-30 13:04:45 -04:00
28fb3ea827
[2.1.x] Fixed #30277 -- Fixed broken links to packaging.python.org.
...
Backport of 8f1cc7e9e6
2019-03-21 10:08:29 -04:00
bb880e17eb
[2.1.x] Fixed serializers test crash if PyYAML isn't installed.
...
Follow up to a57c783dd455490ac746
2019-03-20 16:09:01 +01:00
e12cf38ae9
[2.1.x] Fixed serializers tests for PyYAML 5.1+.
...
Backport of a57c783dd4
2019-03-14 18:39:06 +01:00
1999c0a00a
[2.1.x] Reverted "Fixed relative paths imports per isort 4.3.5."
...
This reverts commit 463fe11bc8b435f82939
2019-03-03 19:37:25 +01:00
4fd6e09fdc
[2.1.x] Clarified permission-related docs.
...
Backport of 632d4861dd
2019-02-28 15:29:32 +01:00
0c295a7570
[2.1.x] Refs #29683 -- Updated multi-db docs for view permission.
...
Backport of 50f09264ae
2019-02-25 14:57:27 -05:00
7514a6cc95
[2.1.x] Fixed documentation of database representation for ManyToManyField.
...
Backport of b0799f5d86
2019-02-25 20:10:22 +01:00
068952d694
[2.1.x] Fixed relative paths imports per isort 4.3.5.
...
Backport of 463fe11bc8
2019-02-25 19:53:01 +01:00
8fe63dc4cd
[2.1.x] Fixed #30187 -- Moved "install Django" command to a console box.
...
Backport of edec11ce86
2019-02-16 08:10:14 +01:00
e1b55f2d3f
[2.1.x] Added CVE-2019-6975 to the security release archive.
...
Backport of d6e5aad5c7
2019-02-11 16:14:58 -05:00
5c2b94af2a
[2.1.x] Refs #30177 -- Forwardported 2.0.13 release notes.
...
Backport of 1b8f552b08
2019-02-11 15:55:12 -05:00
11d7f58a17
[2.1.x] Post-release version bump.
2019-02-11 15:53:48 -05:00
dd0aa9dcca
[2.1.x] Bumped version for 2.1.7 release.
2019-02-11 16:06:17 +01:00
168bfdd92b
[2.1.x] Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases.
...
Backport of b39bd0aa6d
2019-02-11 15:48:23 +01:00
79a6e7798f
[2.1.x] Bumped version for 2.1.6 release.
2019-02-11 11:26:29 +01:00
40cd190557
[2.1.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().
...
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
Backport of 402c0caa85
2019-02-11 11:11:55 +01:00
657bbb139a
[2.1.x] Removed extra characters in docs header underlines.
...
Backport of 25829197bb
2019-02-08 21:41:10 +01:00
Mariusz Felisiak
Carlton Gibson
Florian Apolloner
Markus Holtermann
Nick Pope
Tim Graham
Tobias Bengfort