Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Feb 20, 2013
  1. @carljm
  2. @carljm
Commits on Feb 19, 2013
  1. @ubernostrum
  2. @carljm
  3. @aaugustin @carljm

    [1.4.x] Added a default limit to the maximum number of forms in a for…

    aaugustin authored carljm committed
    This is a security fix. Disclosure and advisory coming shortly.
  4. @carljm

    [1.4.x] Checked object permissions on admin history view.

    carljm authored
    This is a security fix. Disclosure and advisory coming shortly.
    Patch by Russell Keith-Magee.
  5. @carljm

    [1.4.x] Restrict the XML deserializer to prevent network and entity-e…

    carljm authored
    …xpansion DoS attacks.
    This is a security fix. Disclosure and advisory coming shortly.
  6. @carljm

    [1.4.x] Added ALLOWED_HOSTS setting for HTTP host header validation.

    carljm authored
    This is a security fix; disclosure and advisory coming shortly.
Commits on Feb 16, 2013
  1. @timgraham

    [1.4.x] Fixed #19824 - Corrected the class described for Field.primar…

    timgraham authored
    …y_key from IntegerField to AutoField.
    Thanks Keryn Knight.
    Backport of 218bbef from master
  2. @timgraham

    [1.4.x] Fixed #19812 - Removed a duplicate phrase in the widget docs.

    timgraham authored
    Thanks diegueus9 for the report and itsallvoodoo for the draft patch.
    Backport of 7a80904 from master
  3. @phantummm @timgraham

    [1.4.x] Fixed #19719 - Removed misleading example from ModelForm docu…

    phantummm authored timgraham committed
    Backport of 976dc07 from master
Commits on Feb 13, 2013
  1. @timgraham

    [1.4.x] Fixed #19815 - Removed an unused import in tutorial 3.

    timgraham authored
    Thanks pedro.calcao@ for the report.
Commits on Feb 12, 2013
  1. @akaariai

    [1.4.x] Removed try-except in django.db.close_connection()

    akaariai authored
    The reason was that the except clause needed to remove a connection
    from the django.db.connections dict, but other parts of Django do not
    expect this to happen. In addition the except clause was silently
    swallowing the exception messages.
    Refs #19707, special thanks to Carl Meyer for pointing out that this
    approach should be taken.
Commits on Feb 11, 2013
  1. @claudep

    Fixed WSGIPythonPath instruction in deployment docs

    claudep authored
    Partial backport of 3abf610 from master. Refs #19042.
Commits on Feb 10, 2013
  1. @akaariai

    [1.4.x] Made custom m2m fields without through easier to use

    akaariai authored
    The change in f105fbe made through=None
    m2m fields fail in cases where they worked before. It isn't possible to
    create such fields using public APIs. The fix is trivial, so it seems
    worth fixing this for custom m2m field users.
    This is not a backport from master. Master has gotten enough other
    changes to related fields internal API that this fix alone isn't enough
    to do any good.
  2. @akaariai
  3. @akaariai

    [1.4.x] Fixed #19645 -- Added tests for TransactionMiddleware

    akaariai authored
    Backpatch of f556df9. Backpatching
    these tests so that it will be easier to backpatch the fix for #19707.
Commits on Feb 7, 2013
  1. @timgraham

    [1.4.x] Fixed #19756 - Corrected a ManyToMany example and added some …

    timgraham authored
    …links and markup.
    Backport of 43efefa from master
Commits on Feb 2, 2013
  1. @claudep

    [1.4.x] Fixed #19702 -- Changed a SQL command syntax to be MySQL 4-co…

    claudep authored
    Thanks matf at for the report.
  2. @claudep

    [1.5.x] Lowered field ordering requirement in ogrinspect test

    claudep authored
    This test was randomly failing depending on the library environment.
    Backport of a1c470a from master.
  3. @claudep

    [1.4.x] Fixed #18144 -- Added backwards compatibility with old unsalt…

    claudep authored
    …ed MD5 passwords
    Thanks apreobrazhensky at for the report.
    Backport of 63d6a50 from master.
Commits on Jan 17, 2013
  1. @timgraham

    [1.4.x] Fixed #19555 - Removed '2012' from tutorial 1.

    timgraham authored
    Thanks rodrigorosa.lg and others for the report.
    Backport of 99315f7 from master
Commits on Jan 10, 2013
  1. @timgraham

    [1.4.x] Addeded CSS to bold deprecation notices.

    timgraham authored
    Thanks Sam Lai for mentioning this on the mailing list.
    Backport of 227bd3f from master
Commits on Dec 21, 2012
  1. @timgraham

    [1.4.X] Fixed #19506 - Remove 'mysite' prefix in model example.

    timgraham authored
    Thanks Mike O'Connor for the report.
    Backport of 52a2588 from master
Commits on Dec 19, 2012
  1. @ramiro
Commits on Dec 15, 2012
  1. @timgraham

    [1.4.X] Fixed #18099 -- corrected a typo in the initial data docs. Th…

    authored timgraham committed
    …anks to Bradley Ayers for the patch.
    Backport of f5a9e5e from master
Commits on Dec 10, 2012
  1. @apollo13

    [1.4.X] Fixed a test failure in the comment tests.

    apollo13 authored
    Backport of 1eb0da1 from master.
  2. @ubernostrum
  3. @apollo13

    [1.4.X] Fixed a security issue in get_host.

    apollo13 authored
    Full disclosure and new release forthcoming.
  4. @apollo13
Commits on Dec 4, 2012
  1. @jphalip
  2. @sebasmagri @jphalip

    [1.4.x] Fixed #19318 -- Ensured that the admin's SimpleListFilter opt…

    sebasmagri authored jphalip committed
    …ions can be displayed as selected even if the lookup's first element is not a string.
    Backport of 88e1715
Commits on Nov 24, 2012
  1. @akaariai
  2. @aaugustin
Commits on Nov 23, 2012
  1. @akaariai

    [1.4.x] Fixed SQLite's collapsing of same-valued instances in bulk_cr…

    akaariai authored
    SQLite used INSERT INTO tbl SELECT %s UNION SELECT %s, the problem
    was that there should have been UNION ALL instead of UNION.
    Refs #19351
    Backpatch of a275824
Something went wrong with that request. Please try again.