mirror of https://github.com/django/django.git synced 2025-07-18 16:49:13 +00:00

201 Commits

Author SHA1 Message Date
Mariusz Felisiak
e7fba62248 [3.0.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.

Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
2021-04-06 08:33:16 +02:00
Nick Pope
326a926bee [3.0.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.limited_parse_qsl(). 2021-02-18 10:21:04 +01:00
Mariusz Felisiak
52e409ed17 [3.0.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.

Backport of 05413afa8c18cdb978fcdf470e09f7a12b234a23 from master.
2021-02-01 09:14:22 +01:00
Mariusz Felisiak
301bca9394 [3.0.x] Refs #31040 -- Doc'd Python 3.9 compatibility.
Backport of e18156b6c35908f2a4026287b5225a6a4da8af1a from master.
2020-10-13 08:40:39 +02:00
Mariusz Felisiak
9f74a24803 [3.0.x] Added stub release notes for 2.2.16 and 3.0.10.
Backport of 8a5683b6b2aede38edcff070686ed1fce470dec5 from master
2020-08-11 11:13:20 +02:00
Mariusz Felisiak
331324ecce [3.0.x] Fixed #31790 -- Fixed setting SameSite cookies flag in HttpResponse.delete_cookie().
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.

This affects sessions and messages cookies.

Backport of 240cbb63bf9965c63d7a3cc9032f91410f414d46 from master.
2020-07-16 09:30:15 +02:00
Mariusz Felisiak
5a15e3e378 [3.0.x] Added stub release notes for 3.0.9.
Backport of c2a835703f706583542e9dae82749ac3b92819f8 from master
2020-07-01 07:13:25 +02:00
Mariusz Felisiak
e8723af44b [3.0.x] Fixed #31654 -- Fixed cache key validation messages.
Backport of 926148ef019abcac3a9988c78734d9336d69f24e from master
2020-06-05 07:22:52 +02:00
Carlton Gibson
c1dc423f10 [3.0.x] Added stub release notes for 3.0.8.
Backport of 7ec2658e1e24149f0f3244c08c361348f6ebc0e4 from master
2020-06-03 10:55:25 +02:00
Mariusz Felisiak
6e8a11e88c [3.0.x] Added stub release notes for 2.2.13.
Backport of 50798d43898c7d46926a4292f86fdf3859a433da from master
2020-05-14 06:30:30 +02:00
Mariusz Felisiak
668f745bb7 [3.0.x] Added stub release notes for 3.0.7.
Backport of 8e8ff38cb8766590fa3a4f412dbb4b11f65b5c69 from master
2020-05-04 07:43:44 +02:00
Carlton Gibson
73001dd8ad [3.0.x] Added stub release notes for 3.0.6.
Backport of a7e4ff370cdb046b048b40e6e0d043cc6a91247c from master
2020-04-01 10:11:24 +02:00
Carlton Gibson
525274f79b [3.0.x] Added stub release notes for 2.2.12.
Backport of a4200e958d1da46465d7d684674a1711bc9f65e0 from master
2020-03-10 12:03:05 +01:00
Mariusz Felisiak
91d97406da [3.0.x] Added stub release notes for 3.0.5.
Backport of 1b3a900a6919f9ffcfe22fae738e49b71e798ee0 from master
2020-03-04 10:57:08 +01:00
Mariusz Felisiak
26a5cf8345 [3.0.x] Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
Thanks to Norbert Szetei for the report.
2020-03-04 09:16:03 +01:00
Mariusz Felisiak
dc0dfd1dac [3.0.x] Added stub release notes for 2.2.11.
Backport of 7e8339748cc199b4a13513891d9ac4f1e4794588 from master
2020-02-10 08:24:00 +01:00
Carlton Gibson
8aaa7a2960 [3.0.x] Added stub release notes for 3.0.4.
Backport of 273918c25b203d32a7922bc7c3610e4a089fe931 from master
2020-02-03 10:24:15 +01:00
Simon Charette
505826b469 [3.0.x] Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter. 2020-02-03 08:32:54 +01:00
Mariusz Felisiak
eb94e7ad6b [3.0.x] Added stub release notes for 3.0.3.
Backport of 69331bb851c34f05bc77e9fc24020fe6908b9cd5 from master
2020-01-02 08:41:58 +01:00
Mariusz Felisiak
efd9302b14 [3.0.x] Added stub release notes for 3.0.2.
Backport of 50a69efb2e73ab8b3ef26042d4579e8ade950c37 from master
2019-12-18 10:52:37 +01:00
Mariusz Felisiak
f4baf2fdf6 [3.0.x] Refs #31073 -- Added release notes for 02eff7ef60466da108b1a33f1e4dc01eec45c99d.
Backport of ec12c37384798093e359971c8980fe0c68d555bc from master
2019-12-11 10:08:32 +01:00
Mariusz Felisiak
7ec5962638 [3.0.x] Added stub release notes for 3.0.1.
Backport of 908c67e719a54b8b612cb7df732126f42350f3fa from master
2019-12-02 21:47:49 +01:00
Mariusz Felisiak
2ef484ba3b [3.0.x] Added stub release notes for 2.1.15.
Backport of e9def97d1095efed15a109d82fe0498ebd56fa04 from master
2019-11-19 12:44:43 +01:00
Mariusz Felisiak
f375ad95fa [3.0.x] Added stub release notes for 2.2.8 release.
Backport of 30359496a3f3d9af0b02afc334710f7e24c74f5b from master
2019-11-12 14:42:15 +01:00
Mariusz Felisiak
2624653bef [3.0.x] Added stub release notes for 1.11.26 and 2.1.14.
Backport of 84322a29ce9b0940335f8ab3d60e55192bef1e50 from master
2019-10-02 07:55:19 +02:00
Carlton Gibson
a135e1e16e [3.0.x] Added stub release notes for 2.2.7.
Backport of e1c1eaf0c6f4d3d2f60513d20aa9b84b17d096ec from master
2019-10-01 10:44:49 +02:00
Mariusz Felisiak
7bd28727ad [3.0.x] Added stub release notes for 1.11.25 and 2.1.13.
Backport of bd7e0f81f8590eadcb820c976ba03c9b75bbcad6 from master
2019-09-16 07:43:27 +02:00
Mariusz Felisiak
0d4529d314 Added stub release notes for 2.2.6. 2019-09-04 08:02:32 +02:00
Mariusz Felisiak
1f8382d34d Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387.

Thanks Florian Apolloner for the report and helping with tests.
2019-08-14 15:25:35 +02:00
Mariusz Felisiak
1af469e67f Added stub release notes for 2.2.5. 2019-08-02 20:32:21 +02:00
Carlton Gibson
f13147c8de Added stub release notes for security releases. 2019-07-25 10:49:30 +02:00
Mariusz Felisiak
08e69cad9c Added stub release notes for 2.2.4. 2019-07-09 07:39:35 +02:00
Mariusz Felisiak
30b3ee9d0b Added stub release notes for security releases. 2019-07-01 06:57:27 +02:00
Mariusz Felisiak
1f81e2df69 Added stub release notes for 2.2.3. 2019-06-05 06:57:44 +02:00
Carlton Gibson
98c0fe19ee Added stub release notes for security releases. 2019-06-03 10:48:52 +02:00
Mariusz Felisiak
30dd43884e Added stub release notes for 2.2.2. 2019-05-08 14:41:16 +02:00
Mariusz Felisiak
e6588aa4e7 Added stub release notes for 2.2.1. 2019-04-03 08:26:05 +02:00
Tim Graham
e245046bb6 Added stub 2.1.8 release notes. 2019-03-30 12:55:30 -04:00
Tim Graham
1b8f552b08 Refs #30177 -- Forwardported 2.0.13 release notes. 2019-02-11 15:45:04 -05:00
Carlton Gibson
b39bd0aa6d Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases. 2019-02-11 15:46:33 +01:00
Carlton Gibson
5cc6f02f91 Added stub release notes for security releases. 2019-02-07 15:46:53 +01:00
Tim Graham
eb0ce6fa36 Added stub release notes for 3.0. 2019-01-17 10:50:25 -05:00
Tim Graham
36fceeec88 Added stub 2.1.6 release notes. 2019-01-08 08:57:22 -05:00
Tom Hacohen
1ecc0a395b Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possibility in the default 404 page.
Co-Authored-By: Tim Graham <timograham@gmail.com>
2019-01-03 21:21:55 -05:00
Carlton Gibson
196b420fcb Added stub release notes for 2.1.5 release. 2018-12-04 16:21:38 +01:00
Carlton Gibson
74ddd0e83b Added stub release notes for 2.1.4 release. 2018-11-01 15:48:28 +01:00
Carlton Gibson
dc28c0faf3 Added stub release notes for 2.1.3 release. 2018-10-01 11:48:11 +02:00
Carlton Gibson
2e86710dac Added stub release notes for 2.0.10 release. 2018-10-01 11:46:38 +02:00
Carlton Gibson
7040e638b9 Added stub release notes for 1.11.17 release. 2018-10-01 11:44:36 +02:00
Carlton Gibson
728ee98cd3 Added stub release notes for 2.1.2. 2018-08-31 11:01:29 +02:00