Commits on Feb 19, 2013
  1. @ubernostrum
  2. @carljm
Commits on Feb 12, 2013
  1. @aaugustin

    [1.3.x] Added a default limit to the maximum number of forms in a formset.

    aaugustin committed Feb 12, 2013
    
    This is a security fix. Disclosure and advisory coming shortly.
  2. @carljm @aaugustin

    [1.3.x] Checked object permissions on admin history view.

    carljm committed with aaugustin Feb 4, 2013
    This is a security fix. Disclosure and advisory coming shortly.
    
    Patch by Russell Keith-Magee.
  3. @carljm @aaugustin

    [1.3.x] Restrict the XML deserializer to prevent network and entity-expansion DoS attacks.

    carljm committed with aaugustin Feb 11, 2013
    
    This is a security fix. Disclosure and advisory coming shortly.
  4. @carljm @aaugustin

    [1.3.x] Added ALLOWED_HOSTS setting for HTTP host header validation.

    carljm committed with aaugustin Feb 9, 2013
    This is a security fix; disclosure and advisory coming shortly.
Commits on Dec 10, 2012
  1. @apollo13

    [1.3.X] Fixed a test failure in the comment tests.

    apollo13 committed Dec 10, 2012
    Backport of 1eb0da1 from master.
  2. @ubernostrum
Commits on Dec 3, 2012
  1. @apollo13

    [1.3.X] Fixed a security issue in get_host.

    apollo13 committed Nov 27, 2012
    Full disclosure and new release forthcoming.
Commits on Nov 17, 2012
  1. @apollo13
Commits on Oct 18, 2012
  1. @ptone
Commits on Oct 17, 2012
  1. @ubernostrum
  2. @ptone

    Fixed a security issue related to password resets

    ptone committed Oct 17, 2012
    Full disclosure and new release are forthcoming
    
    backport from master
Commits on Aug 1, 2012
  1. @ubernostrum
  2. @apollo13

    [1.3.x] Fixed #18692 -- Restored python 2.4 compatibility.

    apollo13 committed Aug 1, 2012
    Thanks to chipx86 for the report.
Commits on Jul 30, 2012
  1. @ubernostrum
  2. @ubernostrum
  3. @apollo13

    [1.3.x] Fixed a security issue in http redirects. Disclosure and new release forthcoming.

    apollo13 committed Jul 30, 2012
    
    Backport of 4129201 from master.
  4. @apollo13

    [1.3.x] Fixed second security issue in image uploading. Disclosure and release forthcoming.

    apollo13 committed Jul 30, 2012
    
    Backport of b1d4634 from master.
  5. @apollo13

    [1.3.x] Fixed a security issue in image uploading. Disclosure and release forthcoming.

    apollo13 committed Jul 30, 2012
    
    Backport of dd16b17 from master.
Commits on May 28, 2012
  1. @akaariai

    Reverted "[1.3.x] Fixed #18135 -- Close connection used for db version checking"

    akaariai committed May 28, 2012
    
    This reverts commit a15d3b5. Django
    1.3.x is in security fixes only state, and this wasn't a security
    issue.
Commits on May 27, 2012
  1. @newmaniese @akaariai

    [1.3.x] Fixed #18135 -- Close connection used for db version checking

    newmaniese committed with akaariai May 27, 2012
    On MySQL when checking the server version, a new connection could be
    created but never closed. This could result in open connections on
    server startup.
    
    Backport of 4423757.
Commits on Mar 31, 2012
  1. @jphalip

    [1.3.X] Fixed #17972 -- Ensured that admin filters on a foreign key respect the to_field attribute. This fixes a regression introduced in [14674] and Django 1.3. Thanks to graveyboat and Karen Tracey for the report.

    jphalip committed Mar 31, 2012
    
    Backport of r17854 from trunk.
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17857 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Commits on Mar 25, 2012
  1. @aaugustin

    [1.3.X] Fixed #17634 -- Optimized the performance of MultiValueDict by using append instead of copy and by minimizing the number of dict lookups. Backport of r17464 from trunk.

    aaugustin committed Mar 25, 2012
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17807 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Commits on Mar 24, 2012
  1. @aaugustin

    [1.3.X] Avoided a test failure if the settings module used to run the test suite is called "test_settings".

    aaugustin committed Mar 24, 2012
    
    The globbing feature and this test were removed in 1.4.
    
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17806 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  2. @aaugustin

    [1.3.x] Fixed #16481 -- Adapted one raw SQL query in cull implementation of the database-based cache backend so it works with Oracle. Backport of r16635 from trunk.

    aaugustin committed Mar 24, 2012
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17805 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  3. @aaugustin

    [1.3.X] Fixed #16677 -- Fixed the future version of the ssi template tag to work with template file names that contain spaces. Backport of r16687 from trunk.

    aaugustin committed Mar 24, 2012
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  4. @aaugustin

    [1.3.X] Fixed #16812 -- Percent-encode URLs in verify_exists, to fix test failures on Python 2.5 and 2.6. Backport of r16838 from trunk.

    aaugustin committed Mar 24, 2012
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17803 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Commits on Mar 17, 2012
  1. @ramiro

    [1.3.X] Fixed #17488 -- This test passed in 2011 only because 2012-01-01 is a Sunday. Thanks Florian Apolloner for the report and patch.

    ramiro committed Mar 17, 2012
    
    Fixes #17912. Thanks Julien for the report.
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17759 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Commits on Mar 16, 2012
  1. @claudep

    [1.3.X] Fixed #17841 -- Clarified caching note about authentication backends. Thanks auzigog for the proposal and lukegb for the patch.

    claudep committed Mar 16, 2012
    
    Backport of r17752 from trunk.
    
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17753 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  2. @jphalip

    [1.3.X] Fixed #17908 -- Made some `contrib.markup` tests be skipped so they don't fail on old versions of Markdown. Thanks to Preston Holmes for the patch.

    jphalip committed Mar 16, 2012
    
    Backport of r17749 from trunk.
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17750 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  3. @jphalip

    [1.3.X] Ensured that some staticfiles tests get properly cleaned up on teardown. Thanks to Claude Paroz for the patch.

    jphalip committed Mar 16, 2012
    
    Backport of r17747 from trunk.
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17748 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Commits on Mar 15, 2012
  1. @claudep

    [1.3.X] Fixed #17900 -- StreamHandler output defaults to stderr. Thanks c4m3lo for the report.

    claudep committed Mar 15, 2012
    
    Backport of r17741 from trunk.
    
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17742 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Commits on Mar 14, 2012
  1. @PaulMcMillan

    [1.3.X] Fixed #17837. Improved markdown safety.

    PaulMcMillan committed Mar 14, 2012
    Markdown enable_attributes is now False when safe_mode is enabled. Documented
    the markdown "safe" argument. Added warnings when the safe argument is
    passed to versions of markdown which cannot be made safe.
    
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17734 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  2. @claudep

    [1.3.X] Updated some outdated external URLs in docs.

    claudep committed Mar 14, 2012
    Backport of r17710 from trunk.
    
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17711 bcc190cf-cafb-0310-a4f2-bffc1f526a37