Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Cleaned up the release notes index page, and added some stub 1.1.2 an…

…d 1.2 release notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit cf169d9e12720558f3de5fa9cfb5aa3d925f3c57 1 parent f5fefcc
@freakboy3742 freakboy3742 authored
View
2  docs/index.txt
@@ -201,5 +201,5 @@ The Django open-source project
* **Django over time:**
:ref:`API stability <misc-api-stability>` |
- :ref:`Release notes <releases-index>` |
+ :ref:`Release notes and upgrading instructions <releases-index>` |
:ref:`Deprecation Timeline <internals-deprecation>`
View
10 docs/ref/contrib/csrf.txt
@@ -46,7 +46,7 @@ To enable CSRF protection for your views, follow these steps:
``django.views.decorators.csrf.csrf_protect`` on particular views you
want to protect (see below).
- 2. In any template that uses a POST form, use the ``csrf_token`` tag inside
+ 2. In any template that uses a POST form, use the :ttag:`csrf_token` tag inside
the ``<form>`` element if the form is for an internal URL, e.g.::
<form action="" method="POST">{% csrf_token %}
@@ -123,14 +123,14 @@ as ``CsrfResponseMiddleware``, and it can be used by following these steps:
``CsrfResponseMiddleware`` needs to process the response before things
like compression or setting ofETags happen to the response, so it must
- come after ``GZipMiddleware``, ``CommonMiddleware`` and
+ come after ``GZipMiddleware``, ``CommonMiddleware`` and
``ConditionalGetMiddleware`` in the list. It also must come after
``CsrfViewMiddleware``.
Use of the ``CsrfResponseMiddleware`` is not recommended because of the
performance hit it imposes, and because of a potential security problem (see
below). It can be used as an interim measure until applications have been
-updated to use the ``{% csrf_token %}`` tag. It is deprecated and will be
+updated to use the :ttag:`csrf_token` tag. It is deprecated and will be
removed in Django 1.4.
Django 1.1 and earlier provided a single ``CsrfMiddleware`` class. This is also
@@ -199,7 +199,7 @@ Note that contrib apps, such as the admin, have been updated to use the
``CsrfViewMiddleware`` to your settings. However, if you have supplied
customised templates to any of the view functions of contrib apps (whether
explicitly via a keyword argument, or by overriding built-in templates), **you
-MUST update them** to include the ``csrf_token`` template tag as described
+MUST update them** to include the :ttag:`csrf_token` template tag as described
above, or they will stop working. (If you cannot update these templates for
some reason, you will be forced to use ``CsrfResponseMiddleware`` for these
views to continue working).
@@ -364,7 +364,7 @@ exactly that.
Caching
=======
-If the ``csrf_token`` template tag is used by a template (or the ``get_token``
+If the :ttag:`csrf_token` template tag is used by a template (or the ``get_token``
function is called some other way), ``CsrfViewMiddleware`` will add a cookie and
a ``Vary: Cookie`` header to the response. Similarly,
``CsrfResponseMiddleware`` will send the ``Vary: Cookie`` header if it inserted
View
4 docs/ref/templates/builtins.txt
@@ -51,7 +51,7 @@ comment
Ignore everything between ``{% comment %}`` and ``{% endcomment %}``
-.. templatetag:: cycle
+.. templatetag:: csrf_token
csrf_token
~~~~~~~~~~
@@ -63,6 +63,8 @@ future compatibility purposes. In Django 1.2 and later, it is used for CSRF
protection, as described in the documentation for :ref:`Cross Site Request
Forgeries <ref-contrib-csrf>`.
+.. templatetag:: cycle
+
cycle
~~~~~
View
36 docs/releases/1.1.2.txt
@@ -0,0 +1,36 @@
+.. _releases-1.1.2:
+
+==============================================
+Django 1.1.2 release notes — UNDER DEVELOPMENT
+==============================================
+
+This page documents release notes for the as-yet-unreleased Django
+1.1.2. As such it is tentative and subject to change. It provides
+up-to-date information for those who are following the 1.1.X branch.
+
+This is the second "bugfix" release in the Django 1.1 series,
+improving the stability and performance of the Django 1.1 codebase.
+
+Django 1.1.2 maintains backwards compatibility with Django
+1.1.0, but contain a number of fixes and other
+improvements. Django 1.1.2 is a recommended upgrade for any
+development or deployment currently using or targeting Django 1.1.
+
+For full details on the new features, backwards incompatibilities, and
+deprecated features in the 1.1 branch, see the :ref:`releases-1.1`.
+
+One new feature
+---------------
+
+Ordinarily, a point release would not include new features, but in the
+case of Django 1.1.2, we have made an exception to this rule. Django
+1.2 (the next major release of Django) will contain a feature that
+will improve protection against Cross-Site Request Forgery (CSRF)
+attacks. This feature requires the use of a new :ttag:`csrf_token`
+template tag in all forms that Django renders.
+
+To make it easier to support both 1.1.X and 1.2.X versions of Django with
+the same templates, we have decided to introduce the :ttag:`csrf_token` template
+tag to the 1.1.X branch. In the 1.1.X branch, :ttag:`csrf_token` does nothing -
+it has no effect on templates or form processing. However, it means that the
+same template will work with Django 1.2.
View
39 docs/releases/1.2.txt
@@ -8,6 +8,11 @@ This page documents release notes for the as-yet-unreleased Django 1.2. As such
it is tentative and subject to change. It provides up-to-date information for
those who are following trunk.
+Django 1.2 includes a number of nifty `new features`_, lots of bug
+fixes, and an easy upgrade path from Django 1.1.
+
+.. _new features: `What's new in Django 1.2`_
+
.. _backwards-incompatible-changes-1.2:
Backwards-incompatible changes in 1.2
@@ -68,3 +73,37 @@ Features deprecated in 1.2
==========================
None.
+
+What's new in Django 1.2
+========================
+
+CSRF support
+------------
+
+Django now has much improved protection against :ref:`Cross-Site
+Request Forgery (CSRF) attacks<ref-contrib-csrf>`. This type of attack
+occurs when a malicious Web site contains a link, a form button or
+some javascript that is intended to perform some action on your Web
+site, using the credentials of a logged-in user who visits the
+malicious site in their browser. A related type of attack, 'login
+CSRF', where an attacking site tricks a user's browser into logging
+into a site with someone else's credentials, is also covered.
+
+Email Backends
+--------------
+
+You can now :ref:`configure the way that Django sends email
+<topic-email-backends>`. Instead of using SMTP to send all email, you
+can now choose a configurable email backend to send messages. If your
+hosting provider uses a sandbox or some other non-SMTP technique for
+sending mail, you can now construct an email backend that will allow
+Django's standard :ref:`mail sending methods<topics-email>` to use
+those facilities.
+
+This also makes it easier to debug mail sending - Django ships with
+backend implementations that allow you to send email to a
+:ref:`file<topic-email-file-backend>`, to the
+:ref:`console<topic-email-console-backend>`, or to
+:ref:`memory<topic-email-memory-backend>` - you can even configure all
+email to be :ref:`thrown away<topic-email-console-backend>`.
+
View
76 docs/releases/index.txt
@@ -1,5 +1,6 @@
.. _releases-index:
+=============
Release notes
=============
@@ -7,37 +8,60 @@ Release notes for the official Django releases. Each release note will tell you
what's new in each version, and will also describe any backwards-incompatible
changes made in that version.
+For those upgrading to a new version of Django, you will need to check
+all the backwards-incompatible changes and deprecated features for
+each 'final' release from the one after your current Django version,
+up to and including the new version.
+
+Final releases
+==============
+
+1.2 release
+-----------
.. toctree::
:maxdepth: 1
- 0.95
- 0.96
- 1.0-alpha-1
- 1.0-alpha-2
- 1.0-beta
- 1.0-beta-2
- 1.0
- 1.0.1
- 1.0.2
- 1.1-alpha-1
- 1.1-beta-1
- 1.1-rc-1
+ 1.2
+
+1.1 release
+-----------
+.. toctree::
+ :maxdepth: 1
+
+ 1.1.2
1.1
-Upgrading
-=========
+1.0 release
+-----------
+.. toctree::
+ :maxdepth: 1
-For those upgrading to a new version of Django, you will need to check all the
-backwards-incompatible changes and deprecated features for each 'final' release
-from the one after your old version up to and including your new version. The
-relevant sections of the release notes are linked below below for your
-convenience.
+ 1.0.2
+ 1.0.1
+ 1.0
+
+Pre-1.0 releases
+----------------
+.. toctree::
+ :maxdepth: 1
+
+ 0.96
+ 0.95
+
+Development releases
+====================
-For those following trunk, the tentative release notes for the next version to
-be released are also included at the bottom. This is kept up to date with new
-features and changes that you need to be aware of.
+These notes are retained for historical purposes. If you are upgrading
+between formal Django releases, you don't need to worry about these
+notes.
- * :ref:`backwards-incompatible-changes-1.1`
- * :ref:`deprecated-features-1.1`
- * :ref:`backwards-incompatible-changes-1.2`
- * :ref:`deprecated-features-1.2`
+.. toctree::
+ :maxdepth: 1
+
+ 1.1-rc-1
+ 1.1-beta-1
+ 1.1-alpha-1
+ 1.0-beta-2
+ 1.0-beta
+ 1.0-alpha-2
+ 1.0-alpha-1
View
8 docs/topics/email.txt
@@ -421,6 +421,8 @@ want to specify it explicitly, put the following in your settings::
still available in ``django.core.mail`` as an alias for the SMTP backend.
New code should use :meth:`~django.core.mail.get_connection` instead.
+.. _topic-email-console-backend:
+
Console backend
~~~~~~~~~~~~~~~
@@ -436,6 +438,8 @@ To specify this backend, put the following in your settings::
This backend is not intended for use in production -- it is provided as a
convenience that can be used during development.
+.. _topic-email-file-backend:
+
File backend
~~~~~~~~~~~~
@@ -453,6 +457,8 @@ To specify this backend, put the following in your settings::
This backend is not intended for use in production -- it is provided as a
convenience that can be used during development.
+.. _topic-email-memory-backend:
+
In-memory backend
~~~~~~~~~~~~~~~~~
@@ -469,6 +475,8 @@ To specify this backend, put the following in your settings::
This backend is not intended for use in production -- it is provided as a
convenience that can be used during development and testing.
+.. _topic-email-dummy-backend:
+
Dummy backend
~~~~~~~~~~~~~
Please sign in to comment.
Something went wrong with that request. Please try again.