Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Feb 20, 2013
  1. @carljm
  2. @carljm
Commits on Feb 19, 2013
  1. @ubernostrum
  2. @carljm
  3. @aaugustin @carljm

    [1.4.x] Added a default limit to the maximum number of forms in a for…

    aaugustin committed with carljm
    This is a security fix. Disclosure and advisory coming shortly.
  4. @carljm

    [1.4.x] Checked object permissions on admin history view.

    carljm committed
    This is a security fix. Disclosure and advisory coming shortly.
    Patch by Russell Keith-Magee.
  5. @carljm

    [1.4.x] Restrict the XML deserializer to prevent network and entity-e…

    carljm committed
    …xpansion DoS attacks.
    This is a security fix. Disclosure and advisory coming shortly.
  6. @carljm

    [1.4.x] Added ALLOWED_HOSTS setting for HTTP host header validation.

    carljm committed
    This is a security fix; disclosure and advisory coming shortly.
Commits on Feb 16, 2013
  1. @timgraham

    [1.4.x] Fixed #19824 - Corrected the class described for Field.primar…

    timgraham committed
    …y_key from IntegerField to AutoField.
    Thanks Keryn Knight.
    Backport of 218bbef from master
  2. @timgraham

    [1.4.x] Fixed #19812 - Removed a duplicate phrase in the widget docs.

    timgraham committed
    Thanks diegueus9 for the report and itsallvoodoo for the draft patch.
    Backport of 7a80904 from master
  3. @phantummm @timgraham

    [1.4.x] Fixed #19719 - Removed misleading example from ModelForm docu…

    phantummm committed with timgraham
    Backport of 976dc07 from master
Commits on Feb 13, 2013
  1. @timgraham

    [1.4.x] Fixed #19815 - Removed an unused import in tutorial 3.

    timgraham committed
    Thanks pedro.calcao@ for the report.
Commits on Feb 12, 2013
  1. @akaariai

    [1.4.x] Removed try-except in django.db.close_connection()

    akaariai committed
    The reason was that the except clause needed to remove a connection
    from the django.db.connections dict, but other parts of Django do not
    expect this to happen. In addition the except clause was silently
    swallowing the exception messages.
    Refs #19707, special thanks to Carl Meyer for pointing out that this
    approach should be taken.
Commits on Feb 11, 2013
  1. @claudep

    Fixed WSGIPythonPath instruction in deployment docs

    claudep committed
    Partial backport of 3abf610 from master. Refs #19042.
Commits on Feb 10, 2013
  1. @akaariai

    [1.4.x] Made custom m2m fields without through easier to use

    akaariai committed
    The change in f105fbe made through=None
    m2m fields fail in cases where they worked before. It isn't possible to
    create such fields using public APIs. The fix is trivial, so it seems
    worth fixing this for custom m2m field users.
    This is not a backport from master. Master has gotten enough other
    changes to related fields internal API that this fix alone isn't enough
    to do any good.
  2. @akaariai
  3. @akaariai

    [1.4.x] Fixed #19645 -- Added tests for TransactionMiddleware

    akaariai committed
    Backpatch of f556df9. Backpatching
    these tests so that it will be easier to backpatch the fix for #19707.
Commits on Feb 7, 2013
  1. @timgraham

    [1.4.x] Fixed #19756 - Corrected a ManyToMany example and added some …

    timgraham committed
    …links and markup.
    Backport of 43efefa from master
Commits on Feb 2, 2013
  1. @claudep

    [1.4.x] Fixed #19702 -- Changed a SQL command syntax to be MySQL 4-co…

    claudep committed
    Thanks matf at for the report.
  2. @claudep

    [1.5.x] Lowered field ordering requirement in ogrinspect test

    claudep committed
    This test was randomly failing depending on the library environment.
    Backport of a1c470a from master.
  3. @claudep

    [1.4.x] Fixed #18144 -- Added backwards compatibility with old unsalt…

    claudep committed
    …ed MD5 passwords
    Thanks apreobrazhensky at for the report.
    Backport of 63d6a50 from master.
Commits on Jan 17, 2013
  1. @timgraham

    [1.4.x] Fixed #19555 - Removed '2012' from tutorial 1.

    timgraham committed
    Thanks rodrigorosa.lg and others for the report.
    Backport of 99315f7 from master
Commits on Jan 10, 2013
  1. @timgraham

    [1.4.x] Addeded CSS to bold deprecation notices.

    timgraham committed
    Thanks Sam Lai for mentioning this on the mailing list.
    Backport of 227bd3f from master
Commits on Dec 21, 2012
  1. @timgraham

    [1.4.X] Fixed #19506 - Remove 'mysite' prefix in model example.

    timgraham committed
    Thanks Mike O'Connor for the report.
    Backport of 52a2588 from master
Commits on Dec 19, 2012
  1. @ramiro
Commits on Dec 15, 2012
  1. @timgraham

    [1.4.X] Fixed #18099 -- corrected a typo in the initial data docs. Th…

    committed with timgraham
    …anks to Bradley Ayers for the patch.
    Backport of f5a9e5e from master
Commits on Dec 10, 2012
  1. @apollo13

    [1.4.X] Fixed a test failure in the comment tests.

    apollo13 committed
    Backport of 1eb0da1 from master.
  2. @ubernostrum
  3. @apollo13

    [1.4.X] Fixed a security issue in get_host.

    apollo13 committed
    Full disclosure and new release forthcoming.
  4. @apollo13
Commits on Dec 4, 2012
  1. @jphalip
  2. @sebasmagri @jphalip

    [1.4.x] Fixed #19318 -- Ensured that the admin's SimpleListFilter opt…

    sebasmagri committed with jphalip
    …ions can be displayed as selected even if the lookup's first element is not a string.
    Backport of 88e1715
Commits on Nov 24, 2012
  1. @akaariai
  2. @aaugustin
Commits on Nov 23, 2012
  1. @akaariai

    [1.4.x] Fixed SQLite's collapsing of same-valued instances in bulk_cr…

    akaariai committed
    SQLite used INSERT INTO tbl SELECT %s UNION SELECT %s, the problem
    was that there should have been UNION ALL instead of UNION.
    Refs #19351
    Backpatch of a275824
Something went wrong with that request. Please try again.