Commits on Feb 20, 2013
  1. @ubernostrum
  2. @carljm
  3. @carljm
  4. @carljm
Commits on Feb 19, 2013
  1. @ubernostrum
  2. @carljm
Commits on Feb 12, 2013
  1. @aaugustin

    [1.3.x] Added a default limit to the maximum number of forms in a formset.

    aaugustin authored
    
    This is a security fix. Disclosure and advisory coming shortly.
  2. @carljm @aaugustin

    [1.3.x] Checked object permissions on admin history view.

    carljm authored aaugustin committed
    This is a security fix. Disclosure and advisory coming shortly.
    
    Patch by Russell Keith-Magee.
  3. @carljm @aaugustin

    [1.3.x] Restrict the XML deserializer to prevent network and entity-expansion DoS attacks.

    carljm authored aaugustin committed
    
    This is a security fix. Disclosure and advisory coming shortly.
  4. @carljm @aaugustin

    [1.3.x] Added ALLOWED_HOSTS setting for HTTP host header validation.

    carljm authored aaugustin committed
    This is a security fix; disclosure and advisory coming shortly.
Commits on Dec 10, 2012
  1. @apollo13

    [1.3.X] Fixed a test failure in the comment tests.

    apollo13 authored
    Backport of 1eb0da1 from master.
  2. @ubernostrum
Commits on Dec 3, 2012
  1. @apollo13

    [1.3.X] Fixed a security issue in get_host.

    apollo13 authored
    Full disclosure and new release forthcoming.
Commits on Nov 17, 2012
  1. @apollo13
Commits on Oct 18, 2012
  1. @ptone
Commits on Oct 17, 2012
  1. @ubernostrum
  2. @ptone

    Fixed a security issue related to password resets

    ptone authored
    Full disclosure and new release are forthcoming
    
    backport from master
Commits on Aug 1, 2012
  1. @ubernostrum
  2. @apollo13

    [1.3.x] Fixed #18692 -- Restored python 2.4 compatibility.

    apollo13 authored
    Thanks to chipx86 for the report.
Commits on Jul 30, 2012
  1. @ubernostrum
  2. @ubernostrum
  3. @apollo13

    [1.3.x] Fixed a security issue in http redirects. Disclosure and new release forthcoming.

    apollo13 authored
    
    Backport of 4129201 from master.
  4. @apollo13

    [1.3.x] Fixed second security issue in image uploading. Disclosure and release forthcoming.

    apollo13 authored
    
    Backport of b1d4634 from master.
  5. @apollo13

    [1.3.x] Fixed a security issue in image uploading. Disclosure and release forthcoming.

    apollo13 authored
    
    Backport of dd16b17 from master.
Commits on May 28, 2012
  1. @akaariai

    Reverted "[1.3.x] Fixed #18135 -- Close connection used for db version checking"

    akaariai authored
    
    This reverts commit a15d3b5. Django
    1.3.x is in security fixes only state, and this wasn't a security
    issue.
Commits on May 27, 2012
  1. @newmaniese @akaariai

    [1.3.x] Fixed #18135 -- Close connection used for db version checking

    newmaniese authored akaariai committed
    On MySQL when checking the server version, a new connection could be
    created but never closed. This could result in open connections on
    server startup.
    
    Backport of 4423757.
Commits on Mar 31, 2012
  1. @jphalip

    [1.3.X] Fixed #17972 -- Ensured that admin filters on a foreign key respect the to_field attribute. This fixes a regression introduced in [14674] and Django 1.3. Thanks to graveyboat and Karen Tracey for the report.

    jphalip authored
    
    Backport of r17854 from trunk.
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17857 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Commits on Mar 25, 2012
  1. @aaugustin

    [1.3.X] Fixed #17634 -- Optimized the performance of MultiValueDict by using append instead of copy and by minimizing the number of dict lookups. Backport of r17464 from trunk.

    aaugustin authored
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17807 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Commits on Mar 24, 2012
  1. @aaugustin

    [1.3.X] Avoided a test failure if the settings module used to run the test suite is called "test_settings".

    aaugustin authored
    
    The globbing feature and this test were removed in 1.4.
    
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17806 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  2. @aaugustin

    [1.3.x] Fixed #16481 -- Adapted one raw SQL query in cull implementation of the database-based cache backend so it works with Oracle. Backport of r16635 from trunk.

    aaugustin authored
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17805 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  3. @aaugustin

    [1.3.X] Fixed #16677 -- Fixed the future version of the ssi template tag to work with template file names that contain spaces. Backport of r16687 from trunk.

    aaugustin authored
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  4. @aaugustin

    [1.3.X] Fixed #16812 -- Percent-encode URLs in verify_exists, to fix test failures on Python 2.5 and 2.6. Backport of r16838 from trunk.

    aaugustin authored
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17803 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Commits on Mar 17, 2012
  1. @ramiro

    [1.3.X] Fixed #17488 -- This test passed in 2011 only because 2012-01-01 is a Sunday. Thanks Florian Apolloner for the report and patch.

    ramiro authored
    
    Fixes #17912. Thanks Julien for the report.
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17759 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Commits on Mar 16, 2012
  1. @claudep

    [1.3.X] Fixed #17841 -- Clarified caching note about authentication backends. Thanks auzigog for the proposal and lukegb for the patch.

    claudep authored
    
    Backport of r17752 from trunk.
    
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17753 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  2. @jphalip

    [1.3.X] Fixed #17908 -- Made some `contrib.markup` tests be skipped so they don't fail on old versions of Markdown. Thanks to Preston Holmes for the patch.

    jphalip authored
    
    Backport of r17749 from trunk.
    
    git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17750 bcc190cf-cafb-0310-a4f2-bffc1f526a37