Branch: master
Commits on Jul 2, 2019
  1. Fixed #28588 -- Doc'd User.has_perm() & co. behavior for active superusers.

    carltongibson authored and felixxm committed Jul 2, 2019
    
    Equivalent note for PermissionsMixin was added in d33864e.
Commits on Jul 1, 2019
  1. Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.

    carltongibson authored and felixxm committed Jun 13, 2019
    
    An HTTP request would not be redirected to HTTPS when the
    SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
    the proxy connected to Django via HTTPS.
    
    HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
    set, rather than falling back to the request scheme when the
    SECURE_PROXY_SSL_HEADER did not have the secure value.
    
    Thanks to Gavin Wahl for the report and initial patch suggestion, and
    Shai Berger for review.
Commits on Jun 13, 2019
  1. Refs #30512, #15042 -- Added local-only address to sanitize_email() test cases.

    carltongibson committed Jun 13, 2019
    
    email.headerregistry.parser.get_mailbox() returns a token with a `token_type` attribute.
    
    If `token_type` is `'invalid-mailbox'` then RFC violations have been detected. Emails with only the local part, and no domain, are correctly parsed but are marked as `'invalid-mailbox'`.
    
    As per #15042, local-only addresses are supported, to enable sending to addresses on localhost.
    
    sanitize_email() does not currently check `token_type`. This test is added to avoid a regression in case this is revisited in the future.
Commits on Jun 4, 2019
Commits on Jun 3, 2019
  1. Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link.

    carltongibson committed May 23, 2019
Commits on May 8, 2019
Commits on Apr 27, 2019
  1. Fixed #30351 -- Handled pre-existing permissions in proxy model permissions data migration.

    carltongibson authored and felixxm committed Apr 26, 2019
    
    Regression in 181fb60.
Commits on Apr 24, 2019
Commits on Apr 1, 2019
Commits on Mar 21, 2019
Commits on Mar 18, 2019
  1. Fixed #30263 -- Doc'd changes to form Media sorting (refs #30179).

    carltongibson committed Mar 18, 2019
    Thanks to Tim Graham for review.
Commits on Feb 14, 2019
  1. Fixed admin_scripts test failures on macOS.

    carltongibson committed Feb 14, 2019
    Regression in 487d904.
Commits on Feb 11, 2019
  1. Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().

    carltongibson committed Feb 11, 2019
    
    Thanks Sjoerd Job Postmus for the report and initial patch.
    Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
Commits on Feb 7, 2019
Commits on Jan 30, 2019
  1. Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS.

    carltongibson authored and timgraham committed Jan 22, 2019
Commits on Jan 17, 2019
  1. Removed empty sections from 2.2 release notes.

    carltongibson committed Jan 17, 2019
Commits on Jan 16, 2019
  1. Refs #30102 -- Added comment on use of Template without placeholders in page_not_found() view.

    carltongibson committed Jan 16, 2019
Commits on Dec 21, 2018
  1. Refs #30015 -- Added 2.1.5 release note and removed 'we' in comments.

    carltongibson authored and timgraham committed Dec 20, 2018
Commits on Dec 12, 2018
Commits on Dec 4, 2018
Commits on Dec 3, 2018
  1. Added release date for 2.1.4.

    carltongibson committed Dec 3, 2018
  2. Fixed #29930 -- Allowed editing in admin with view-only inlines.

    carltongibson and timgraham committed Dec 3, 2018
    Co-authored-by: Tim Graham <timograham@gmail.com>
Commits on Nov 1, 2018
Commits on Oct 1, 2018