mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-14 14:49:12 +00:00
Code Issues 32 Releases Wiki Activity
django/docs/releases
History
Mariusz Felisiak d9594c4ea5 [2.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. 
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603

Backport of e1e81aa1c4427411e3c68facdd761229ffea6f6f from main.
2021-05-06 08:53:27 +02:00
..
0.95.txt
Replaced "django" with "Django" in spelling_wordlist.
2016-11-15 17:00:50 -05:00
0.96.txt
Fixed spelling of "nonexistent".
2017-02-03 08:01:45 -05:00
1.0-porting-guide.txt
[2.2.x] Removed extra characters in docs header underlines.
2019-02-08 21:39:54 +01:00
1.0.1.txt
Updated obsolete links in the documentation
2012-06-28 10:49:07 +02:00
1.0.2.txt
1.0.txt
Fixed #28594 -- Removed Jython docs and specific code
2017-12-23 10:26:32 +01:00
1.1.2.txt
Updated capitalization in the word "JavaScript" for consistency
2015-05-01 13:26:42 -04:00
1.1.3.txt
Replaced "django" with "Django" in spelling_wordlist.
2016-11-15 17:00:50 -05:00
1.1.4.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.1.txt
[2.2.x] Removed extra characters in docs header underlines.
2019-02-08 21:39:54 +01:00
1.2.1.txt
[2.2.x] Used 🎫 role in all tickets links.
2019-11-26 14:45:15 +01:00
1.2.2.txt
Fixed #19885 -- cleaned up the django.test namespace
2013-09-09 16:03:13 -04:00
1.2.3.txt
1.2.4.txt
[2.2.x] Used 🎫 role in all tickets links.
2019-11-26 14:45:15 +01:00
1.2.5.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.2.6.txt
1.2.7.txt
Whitespace cleanup.
2013-10-10 16:49:20 -04:00
1.2.txt
Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES.
2017-01-17 20:52:04 -05:00
1.3.1.txt
1.3.2.txt
Added 1.4.1 and 1.3.2 release notes
2012-08-31 20:35:50 +02:00
1.3.3.txt
Added missing release notes for older versions of Django
2013-08-12 14:05:25 -04:00
1.3.4.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.3.5.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.3.6.txt
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
1.3.7.txt
Added missing release notes for older versions of Django
2013-08-12 14:05:25 -04:00
1.3.txt
[2.2.x] Updated spelling and RFCs in HttpOnly cookie flag docs.
2019-03-27 11:11:24 -04:00
1.4.1.txt
Added 1.4.1 and 1.3.2 release notes
2012-08-31 20:35:50 +02:00
1.4.2.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.4.3.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.4.4.txt
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
1.4.5.txt
Added missing release notes for older versions of Django
2013-08-12 14:05:25 -04:00
1.4.6.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.4.7.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.4.8.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.4.9.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.4.10.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.4.11.txt
Refs #23919 -- Removed Python 2 notes in docs.
2017-01-18 11:51:29 -05:00
1.4.12.txt
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
2015-12-31 14:21:29 -05:00
1.4.13.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.4.14.txt
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
2015-12-31 14:21:29 -05:00
1.4.15.txt
Used the 🎫 syntax more extensively
2014-12-19 18:07:52 +01:00
1.4.16.txt
Used the 🎫 syntax more extensively
2014-12-19 18:07:52 +01:00
1.4.17.txt
Refs #23919 -- Removed Python 2 notes in docs.
2017-01-18 11:51:29 -05:00
1.4.18.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.4.19.txt
Fixed #25778 -- Updated docs links to use https when available.
2015-12-01 08:01:34 -05:00
1.4.20.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.4.21.txt
Prevented newlines from being accepted in some validators.
2015-07-08 15:23:03 -04:00
1.4.22.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.4.txt
Fixed #28606 -- Deprecated CachedStaticFilesStorage.
2018-10-27 11:58:29 -04:00
1.5.1.txt
[2.2.x] Added documentation extlink for bugs.python.org.
2021-02-17 14:28:05 +01:00
1.5.2.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.5.3.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.5.4.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.5.5.txt
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
1.5.6.txt
Refs #23919 -- Removed Python 2 notes in docs.
2017-01-18 11:51:29 -05:00
1.5.7.txt
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
2015-12-31 14:21:29 -05:00
1.5.8.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.5.9.txt
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
2015-12-31 14:21:29 -05:00
1.5.10.txt
Used the 🎫 syntax more extensively
2014-12-19 18:07:52 +01:00
1.5.11.txt
Used the 🎫 syntax more extensively
2014-12-19 18:07:52 +01:00
1.5.12.txt
Added dates to release notes.
2015-01-02 19:20:18 -05:00
1.5.txt
[2.2.x] Used 🎫 role in all tickets links.
2019-11-26 14:45:15 +01:00
1.6.1.txt
Copied 1.6.1 release notes from stable/1.6.x branch.
2013-12-12 15:08:22 -05:00
1.6.2.txt
Refs #23919 -- Removed Python 2 notes in docs.
2017-01-18 11:51:29 -05:00
1.6.3.txt
Refs #23919 -- Removed Python 2 notes in docs.
2017-01-18 11:51:29 -05:00
1.6.4.txt
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
2015-12-31 14:21:29 -05:00
1.6.5.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.6.6.txt
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
2015-12-31 14:21:29 -05:00
1.6.7.txt
Added dates to release notes.
2014-09-02 21:34:29 -04:00
1.6.8.txt
Added release dates to release notes.
2014-10-22 12:23:21 -04:00
1.6.9.txt
Refs #23919 -- Removed Python 2 notes in docs.
2017-01-18 11:51:29 -05:00
1.6.10.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.6.11.txt
[2.2.x] Added documentation extlink for bugs.python.org.
2021-02-17 14:28:05 +01:00
1.6.txt
Removed code terms from docs/spelling_wordlist.
2018-07-31 12:22:28 -04:00
1.7.1.txt
[2.2.x] Fixed "byte string" typo in various docs and comments.
2019-03-28 10:01:36 +01:00
1.7.2.txt
[2.2.x] Fixed broken links and redirects in documentation.
2019-08-21 10:58:05 +02:00
1.7.3.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.7.4.txt
Added 1.4.19 release notes.
2015-01-27 11:48:04 -05:00
1.7.5.txt
Added release date for 1.7.5 release.
2015-02-25 08:47:11 -05:00
1.7.6.txt
Refs #24461 -- Added test/release notes for XSS issue in ModelAdmin.readonly_fields
2015-03-09 10:12:21 -04:00
1.7.7.txt
[2.2.x] Added documentation extlink for bugs.python.org.
2021-02-17 14:28:05 +01:00
1.7.8.txt
Added dates to release notes.
2015-05-01 16:24:39 -04:00
1.7.9.txt
Prevented newlines from being accepted in some validators.
2015-07-08 15:23:03 -04:00
1.7.10.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.7.11.txt
Added release date for 1.8.7/1.7.11 releases.
2015-11-24 11:20:29 -05:00
1.7.txt
Fixed #28606 -- Deprecated CachedStaticFilesStorage.
2018-10-27 11:58:29 -04:00
1.8.1.txt
Fixed #23868 -- Added support for non-unique django-admin-options in docs.
2016-01-14 18:21:33 -05:00
1.8.2.txt
Added release date for 1.8.2.
2015-05-20 13:48:06 -04:00
1.8.3.txt
Fixed catastrophic backtracking in URLValidator.
2015-07-08 15:23:03 -04:00
1.8.4.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.8.5.txt
Added release date for 1.8.5.
2015-10-03 19:31:45 -04:00
1.8.6.txt
Added release date for 1.8.6.
2015-11-04 17:48:49 +01:00
1.8.7.txt
Refs #23919 -- Removed Python 2 notes in docs.
2017-01-18 11:51:29 -05:00
1.8.8.txt
Added release date for 1.9.1/1.8.8 releases.
2016-01-02 08:35:54 -05:00
1.8.9.txt
Added release dates for 1.9.2 and 1.8.9.
2016-02-01 12:02:16 -05:00
1.8.10.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.8.11.txt
Added safety to URL decoding in is_safe_url() on Python 2
2016-03-04 23:33:35 +01:00
1.8.12.txt
Added release date for 1.9.5 and 1.8.12.
2016-04-01 13:29:43 -04:00
1.8.13.txt
Added release date for 1.9.6/1.8.13.
2016-05-02 18:16:36 -04:00
1.8.14.txt
Fixed XSS in admin's add/change related popup.
2016-07-18 11:17:01 -04:00
1.8.15.txt
Added release notes for 1.9.10 and 1.8.15 releases.
2016-09-26 13:55:21 -04:00
1.8.16.txt
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
1.8.17.txt
Added release dates for 1.10.4, 1.9.12, 1.8.17.
2016-12-01 17:15:04 -05:00
1.8.18.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.8.19.txt
Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
2018-03-06 08:30:40 -05:00
1.8.txt
[2.2.x] Fixed term warning on Sphinx 3.0.1+.
2020-06-02 10:57:46 +02:00
1.9.1.txt
Fixed typo in docs/releases/1.9.1.txt.
2016-03-04 14:16:56 -05:00
1.9.2.txt
Added release dates for 1.9.2 and 1.8.9.
2016-02-01 12:02:16 -05:00
1.9.3.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.9.4.txt
Added safety to URL decoding in is_safe_url() on Python 2
2016-03-04 23:33:35 +01:00
1.9.5.txt
Added release date for 1.9.5 and 1.8.12.
2016-04-01 13:29:43 -04:00
1.9.6.txt
Added release date for 1.9.6/1.8.13.
2016-05-02 18:16:36 -04:00
1.9.7.txt
Added release date for 1.9.7.
2016-06-04 19:24:51 -04:00
1.9.8.txt
Fixed XSS in admin's add/change related popup.
2016-07-18 11:17:01 -04:00
1.9.9.txt
Added release dates for 1.10 and 1.9.9
2016-08-01 13:55:08 -04:00
1.9.10.txt
Added release notes for 1.9.10 and 1.8.15 releases.
2016-09-26 13:55:21 -04:00
1.9.11.txt
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
1.9.12.txt
Added release dates for 1.10.4, 1.9.12, 1.8.17.
2016-12-01 17:15:04 -05:00
1.9.13.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.9.txt
Refs #20910 -- Replaced snippet directive with code-block.
2018-09-10 13:00:34 -04:00
1.10.1.txt
Added release date for 1.10.1.
2016-09-01 16:24:46 -04:00
1.10.2.txt
Fixed #27302 -- Fixed ModelAdmin.construct_change_message() changed field detection
2016-10-01 20:14:27 +02:00
1.10.3.txt
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
1.10.4.txt
Added release dates for 1.10.4, 1.9.12, 1.8.17.
2016-12-01 17:15:04 -05:00
1.10.5.txt
Added release date for 1.10.5.
2017-01-04 13:20:01 -05:00
1.10.6.txt
Fixed typo in docs/releases/1.10.6.txt.
2017-03-01 10:11:32 -05:00
1.10.7.txt
Refs #17209 -- Removed login/logout and password reset/change function-based views.
2017-09-22 12:51:17 -04:00
1.10.8.txt
Fixed CVE-2017-12794 -- Fixed XSS possibility in traceback section of technical 500 debug page.
2017-09-05 10:58:38 -04:00
1.10.txt
[2.2.x] Refs #27807 -- Removed docs for User.username_validator.
2019-04-07 20:03:01 -04:00
1.11.1.txt
Added release date for 1.11.1.
2017-05-06 08:19:41 -04:00
1.11.2.txt
Added release date for 1.11.2.
2017-06-01 11:09:51 -04:00
1.11.3.txt
Added release date for 1.11.3.
2017-07-01 19:13:35 -04:00
1.11.4.txt
Added release date for 1.11.4.
2017-08-01 08:08:18 -04:00
1.11.5.txt
Fixed CVE-2017-12794 -- Fixed XSS possibility in traceback section of technical 500 debug page.
2017-09-05 10:58:38 -04:00
1.11.6.txt
Added release date for 1.11.6.
2017-10-05 14:13:32 -04:00
1.11.7.txt
Added release date for 1.11.7.
2017-11-01 21:11:38 -04:00
1.11.8.txt
Added release dates for 2.0 and 1.11.8.
2017-12-02 08:55:33 -05:00
1.11.9.txt
Added release date for 2.0.1 and 1.11.9.
2018-01-01 19:34:34 -05:00
1.11.10.txt
Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
2018-02-01 09:05:14 -05:00
1.11.11.txt
Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
2018-03-06 08:30:40 -05:00
1.11.12.txt
Added release date for 2.0.4 and 1.11.12.
2018-04-02 21:36:23 -04:00
1.11.13.txt
Added release date for 2.0.5 and 1.11.13.
2018-05-01 21:18:44 -04:00
1.11.14.txt
Added release date for 1.11.14.
2018-07-02 10:12:20 +02:00
1.11.15.txt
Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.
2018-08-01 09:28:42 -04:00
1.11.16.txt
Added release date for 1.11.16.
2018-10-01 09:34:57 +02:00
1.11.17.txt
Added release date for 1.11.17.
2018-12-03 15:14:58 +01:00
1.11.18.txt
Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.
2019-01-03 21:21:55 -05:00
1.11.19.txt
[2.2.x] Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes.
2019-06-21 07:10:32 +02:00
1.11.20.txt
[2.2.x] Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases.
2019-02-11 15:47:54 +01:00
1.11.21.txt
[2.2.x] Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes.
2019-06-03 14:10:51 +02:00
1.11.22.txt
[2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
2019-07-01 07:50:48 +02:00
1.11.23.txt
[2.2.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
2019-07-29 11:06:54 +02:00
1.11.24.txt
[2.2.x] Added release dates for 2.2.5, 2.1.12, and 1.11.24.
2019-09-02 07:45:40 +02:00
1.11.25.txt
[2.2.x] Added release dates for 2.2.6, 2.1.13, and 1.11.25.
2019-10-01 08:51:15 +02:00
1.11.26.txt
[2.2.x] Added release dates for 2.2.7, 2.1.14, and 1.11.26.
2019-11-04 08:26:38 +01:00
1.11.27.txt
[2.2.x] Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
2019-12-18 09:16:08 +01:00
1.11.28.txt
[2.2.x] Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
2020-01-26 18:51:25 +01:00
1.11.29.txt
[2.2.x] Fixed typo in docs/releases/1.11.29.txt.
2020-03-04 10:49:18 +01:00
1.11.txt
[2.2.x] Fixed term warning on Sphinx 3.0.1+.
2020-06-02 10:57:46 +02:00
2.0.1.txt
Added release date for 2.0.1 and 1.11.9.
2018-01-01 19:34:34 -05:00
2.0.2.txt
Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
2018-02-01 09:05:14 -05:00
2.0.3.txt
Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
2018-03-06 08:30:40 -05:00
2.0.4.txt
Added release date for 2.0.4 and 1.11.12.
2018-04-02 21:36:23 -04:00
2.0.5.txt
Fixed typo in docs/releases/2.0.5.txt.
2018-08-21 09:48:14 -04:00
2.0.6.txt
Fixed #28462 -- Decreased memory usage with ModelAdmin.list_editable.
2018-06-01 10:41:05 -04:00
2.0.7.txt
Forwardported 2.0.7 release note.
2018-06-28 11:07:37 -04:00
2.0.8.txt
Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.
2018-08-01 09:28:42 -04:00
2.0.9.txt
Added release date for 2.0.9 release.
2018-10-01 09:55:56 +02:00
2.0.10.txt
Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.
2019-01-03 21:21:55 -05:00
2.0.11.txt
[2.2.x] Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes.
2019-06-21 07:10:32 +02:00
2.0.12.txt
[2.2.x] Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases.
2019-02-11 15:47:54 +01:00
2.0.13.txt
[2.2.x] Refs #30177 -- Forwardported 2.0.13 release notes.
2019-02-11 15:52:15 -05:00
2.0.txt
[2.2.x] Updated Oracle docs links to Oracle 18c.
2019-02-07 10:03:11 +01:00
2.1.1.txt
Added release date for 2.1.1.
2018-08-31 10:12:51 +02:00
2.1.2.txt
Added release date for 2.1.2 release.
2018-10-01 10:10:48 +02:00
2.1.3.txt
Added release date for 2.1.2 release.
2018-11-01 15:02:22 +01:00
2.1.4.txt
Added release date for 2.1.4.
2018-12-03 17:29:46 +01:00
2.1.5.txt
Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.
2019-01-03 21:21:55 -05:00
2.1.6.txt
[2.2.x] Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes.
2019-06-21 07:10:32 +02:00
2.1.7.txt
[2.2.x] Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases.
2019-02-11 15:47:54 +01:00
2.1.8.txt
[2.2.x] Fixed #30289 -- Prevented admin inlines for a ManyToManyField's implicit through model from being editable if the user only has the view permission.
2019-03-30 17:44:58 -04:00
2.1.9.txt
[2.2.x] Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes.
2019-06-03 14:10:51 +02:00
2.1.10.txt
[2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
2019-07-01 07:50:48 +02:00
2.1.11.txt
[2.2.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
2019-07-29 11:06:54 +02:00
2.1.12.txt
[2.2.x] Added release dates for 2.2.5, 2.1.12, and 1.11.24.
2019-09-02 07:45:40 +02:00
2.1.13.txt
[2.2.x] Added release dates for 2.2.6, 2.1.13, and 1.11.25.
2019-10-01 08:51:15 +02:00
2.1.14.txt
[2.2.x] Added release dates for 2.2.7, 2.1.14, and 1.11.26.
2019-11-04 08:26:38 +01:00
2.1.15.txt
[2.2.x] Removed issue reporter name from 2.1.15 and 2.2.8 release notes.
2019-12-02 10:03:21 +01:00
2.1.txt
Doc'd purpose of "Database backend API" backwards incompatible changes section.
2018-11-17 15:58:10 -05:00
2.2.1.txt
[2.2.x] Added release date for 2.2.1.
2019-05-01 07:07:19 +02:00
2.2.2.txt
[2.2.x] Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes.
2019-06-03 14:10:51 +02:00
2.2.3.txt
[2.2.x] Added release date for 2.2.3.
2019-07-01 07:51:53 +02:00
2.2.4.txt
[2.2.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
2019-07-29 11:06:54 +02:00
2.2.5.txt
[2.2.x] Added release dates for 2.2.5, 2.1.12, and 1.11.24.
2019-09-02 07:45:40 +02:00
2.2.6.txt
[2.2.x] Added release dates for 2.2.6, 2.1.13, and 1.11.25.
2019-10-01 08:51:15 +02:00
2.2.7.txt
[2.2.x] Added release dates for 2.2.7, 2.1.14, and 1.11.26.
2019-11-04 08:26:38 +01:00
2.2.8.txt
[2.2.x] Removed issue reporter name from 2.1.15 and 2.2.8 release notes.
2019-12-02 10:03:21 +01:00
2.2.9.txt
[2.2.x] Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
2019-12-18 09:16:08 +01:00
2.2.10.txt
[2.2.x] Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
2020-01-26 18:51:25 +01:00
2.2.11.txt
[2.2.x] Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
2020-03-04 09:34:39 +01:00
2.2.12.txt
[2.2.x] Added release date for 2.2.12.
2020-04-01 09:19:00 +02:00
2.2.13.txt
[2.2.x] Fixed CVE-2020-13254 -- Enforced cache key validation in memcached backends.
2020-06-03 09:34:29 +02:00
2.2.14.txt
[2.2.x] Added release date for 2.2.14.
2020-07-01 06:19:44 +02:00
2.2.15.txt
[2.2.x] Added release date for 2.2.15.
2020-08-03 08:58:00 +02:00
2.2.16.txt
[2.2.x] Added release date for 2.2.16.
2020-09-01 10:00:28 +02:00
2.2.17.txt
[2.2.x] Set release date for 2.2.17.
2020-11-02 08:39:12 +01:00
2.2.18.txt
[2.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
2021-02-01 09:14:54 +01:00
2.2.19.txt
[2.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.limited_parse_qsl().
2021-02-18 10:27:25 +01:00
2.2.20.txt
[2.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
2021-04-06 08:38:19 +02:00
2.2.21.txt
[2.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-04-27 19:10:08 +02:00
2.2.22.txt
[2.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
2021-05-06 08:53:27 +02:00
2.2.txt
[2.2.x] Refs #31040 -- Doc'd Python 3.9 compatibility.
2020-10-13 08:45:37 +02:00
index.txt
[2.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
2021-05-06 08:53:27 +02:00
security.txt
[2.2.x] Added CVE-2021-31542 to security archive.
2021-05-04 11:14:17 +02:00