| 592187e | Tim Graham | 03 January 2015, 02:07:00 UTC | [1.4.x] Bumped version for 1.4.17 release. | 03 January 2015, 02:07:00 UTC |
| 35dc639 | Tim Graham | 03 January 2015, 00:20:18 UTC | [1.4.x] Added dates to release notes. Backport of 15cd71ed24945ff7be5716580603fd65c0d45ef7 from master | 03 January 2015, 00:23:14 UTC |
| a25c444 | Tim Graham | 02 January 2015, 17:35:41 UTC | [1.4.x] Updated six to 1.9.0. Backport of 52f0b2b62262743d5f935ddae29428e661b5d8ea from master | 02 January 2015, 18:38:58 UTC |
| 5940da1 | Simon Charette | 16 November 2014, 15:42:09 UTC | [1.4.x] Fixed #23754 -- Always allowed reference to the primary key in the admin This change allows dynamically created inlines "Add related" button to work correcly as long as their associated foreign key is pointing to the primary key of the related model. Thanks to amorce for the report, Julien Phalip for the initial patch, and Collin Anderson for the review. Backport of f9c4e14aeca7df79991bca8ac2d743953cbd095c from master | 25 November 2014, 19:04:56 UTC |
| c83b024 | Tim Graham | 13 November 2014, 09:30:36 UTC | [1.4.x] Removed thread customizations of six which are now built-in. Backport of 7ef81b5cdd4c8eda12aa7786484a0bfde00aaaa4 from master | 13 November 2014, 10:36:21 UTC |
| a1dcd82 | Tim Graham | 05 November 2014, 01:38:38 UTC | [1.4.x] Updated six to 1.8.0. Backport of 81477c91f6 from master | 05 November 2014, 02:30:21 UTC |
| 486b6ca | Tim Graham | 22 October 2014, 17:33:07 UTC | [1.4.x] Post-release version bump. | 22 October 2014, 17:33:07 UTC |
| 151d6db | James Bennett | 22 October 2014, 16:36:19 UTC | [1.4.x] Bump version numbers for bugfix release. | 22 October 2014, 16:36:19 UTC |
| a92e386 | Tim Graham | 22 October 2014, 16:23:21 UTC | [1.4.x] Added release dates to release notes. Backport of 9dc782b631 from master | 22 October 2014, 16:25:45 UTC |
| 643374b | Tim Graham | 10 October 2014, 19:18:54 UTC | [1.4.x] Fixed #23631 -- Removed outdated note on MySQL timezone support. Thanks marfire for the report. Backport of 9db3653670 from master | 10 October 2014, 19:22:46 UTC |
| f58392d | Emmanuelle Delescolle | 05 October 2014, 18:06:51 UTC | [1.4.x] Fixed #23604 -- Allowed related m2m fields to be references in the admin. Thanks Simon Charette for review. Backport of a24cf21722 from master | 06 October 2014, 13:08:45 UTC |
| df657a7 | Tim Graham | 29 September 2014, 23:31:29 UTC | [1.4.x] Required numpy < 1.9 for tests; refs #23489. Backport of 4743a94429 from stable/1.7.x | 29 September 2014, 23:47:33 UTC |
| 3132eda | Joseph Dougherty | 17 September 2014, 03:30:11 UTC | [1.4.x] Fixed #23499 -- Error in built-in template tag "now" documentation Backport of ab8248361e0a7b4fc7684eaaa5891e16b8562683 from master. | 17 September 2014, 07:26:45 UTC |
| ba2be27 | Claude Paroz | 13 March 2013, 08:50:45 UTC | [1.4.x] Fixed #20036 -- Improved GEOS version string parsing Thanks chikiro.spam at gmail.com for the report. | 11 September 2014, 18:54:33 UTC |
| 065caaf | Simon Charette | 04 September 2014, 21:04:53 UTC | [1.4.x] Fixed #23431 -- Allowed inline and hidden references to admin fields. This fixes a regression introduced by the 53ff096982 security fix. Thanks to @a1tus for the report and Tim for the review. refs #23329. Backport of 342ccbd from master | 08 September 2014, 18:22:29 UTC |
| 7808584 | Tim Graham | 03 September 2014, 01:34:29 UTC | [1.4.x] Added dates to release notes. Backport of 0fd23545db from master | 03 September 2014, 01:36:44 UTC |
| 89157fe | Tim Graham | 03 September 2014, 01:07:29 UTC | [1.4.x] Post release version bump. | 03 September 2014, 01:07:29 UTC |
| 0517f49 | James Bennett | 02 September 2014, 20:43:24 UTC | [1.4.x] Bump version numbers for bugfix release. | 02 September 2014, 20:43:24 UTC |
| 4685026 | Simon Charette | 21 August 2014, 15:55:23 UTC | [1.4.x] Fixed #23329 -- Allowed inherited and m2m fields to be referenced in the admin. Thanks to Trac alias Markush2010 and ross for the detailed reports. Backport of 3cbb759 from master | 28 August 2014, 02:12:37 UTC |
| 8adc56c | Tim Graham | 26 August 2014, 13:44:24 UTC | [1.4.x] Fixed spelling mistake in file docs. Backport of a3e88e64a4 from master | 26 August 2014, 13:45:06 UTC |
| 27c682f | Tim Graham | 20 August 2014, 20:36:24 UTC | [1.4.x] Bumped version number post-release. | 20 August 2014, 20:36:42 UTC |
| e484df7 | Tim Graham | 20 August 2014, 20:31:45 UTC | [1.4.x] Added dates to release notes. | 20 August 2014, 20:33:50 UTC |
| 4fce019 | James Bennett | 20 August 2014, 20:00:40 UTC | [1.4.x] Bump version numbers for security release. | 20 August 2014, 20:00:40 UTC |
| 027bd34 | Simon Charette | 11 August 2014, 19:36:16 UTC | [1.4.x] Prevented data leakage in contrib.admin via query string manipulation. This is a security fix. Disclosure following shortly. | 11 August 2014, 20:01:41 UTC |
| c9e3b99 | Preston Holmes | 11 August 2014, 16:04:53 UTC | [1.4.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USE change. This is a security fix. Disclosure following shortly. | 11 August 2014, 16:15:06 UTC |
| 30042d4 | Tim Graham | 08 August 2014, 14:20:08 UTC | [1.4.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names. This is a security fix. Disclosure following shortly. | 11 August 2014, 14:14:06 UTC |
| c2fe731 | Florian Apolloner | 17 July 2014, 19:59:28 UTC | [1.4.x] Prevented reverse() from generating URLs pointing to other hosts. This is a security fix. Disclosure following shortly. | 11 August 2014, 13:04:23 UTC |
| 4d5e972 | Tim Graham | 05 August 2014, 19:20:05 UTC | [1.4.x] Added release note stub for 1.4.14. | 11 August 2014, 12:47:06 UTC |
| 88cb7aa | Tim Graham | 07 August 2014, 13:20:59 UTC | [1.4.x] Added a warning that remove_tags() output shouldn't be considered safe. Backport of 7efce77de2 from master | 11 August 2014, 11:11:30 UTC |
| 399052d | Tim Graham | 08 August 2014, 16:45:18 UTC | [1.4.x] Noted that django-jython requires Django 1.7. Backport of 72e98d5c16 from stable/1.6.x | 08 August 2014, 16:47:31 UTC |
| d23d19c | Tim Graham | 06 August 2014, 12:28:51 UTC | [1.4.x] Fixed #23239 -- Clarified a phrase in the contrib.markup docs. Backport of e0fb48c254 from stable/1.5.x | 06 August 2014, 12:30:49 UTC |
| bc03817 | Erik Romijn | 02 August 2014, 17:01:23 UTC | [1.4.x] Fixed #23149 -- Clarified note on HTTPOnly in cookie-based session docs Backport of e26366da44bb343e7a95d01ff0dd18b8026c2802 from master. | 02 August 2014, 17:01:23 UTC |
| 778a555 | Tim Graham | 25 July 2014, 13:46:15 UTC | [1.4.x] Added tests/requirements/py2.txt. This follows the convention used in other branches so we don't need a special case in the build script for 1.4. | 25 July 2014, 13:46:15 UTC |
| aa9c45c | Ramiro Morales | 15 July 2014, 00:09:38 UTC | [1.4.x] Revert "Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet." This reverts commit b44519072e8a0ef56a0ae9e6e4a1fb04273eb0eb. stable/1.4.x branch is in security-fixes-only mode. | 15 July 2014, 00:09:38 UTC |
| b445190 | Tim Graham | 08 July 2014, 19:58:14 UTC | [1.4.x] Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet. Thanks sebastien at clarisys.fr for the report and gautier for the patch. Backport of 5e2c4a4bd1 from master | 14 July 2014, 15:38:00 UTC |
| d29f3b9 | Tim Graham | 18 June 2014, 18:35:38 UTC | [1.4.x] Fixed #22859 -- Improved crossDomain technique in CSRF example. Thanks flisky for the report. Backport of 0be4d64487 from master | 18 June 2014, 18:38:30 UTC |
| d39fcff | Tim Graham | 15 May 2014, 11:11:29 UTC | [1.4.x] Minor edits to latest release notes. Backport of 860d31ac7a3bdd4b27db8b34b110b3d801ddaf8a from master | 15 May 2014, 11:17:54 UTC |
| 37d6821 | Jacob Kaplan-Moss | 14 May 2014, 16:24:02 UTC | Bumped version numbers post-release. | 14 May 2014, 16:24:08 UTC |
| 53b98b5 | Jacob Kaplan-Moss | 14 May 2014, 16:09:51 UTC | Bumped version numbers for release. | 14 May 2014, 16:09:51 UTC |
| fe5b3e3 | Jacob Kaplan-Moss | 14 May 2014, 16:07:32 UTC | Added release notes for 1.4.13. | 14 May 2014, 16:07:32 UTC |
| 7feb54b | Tim Graham | 12 May 2014, 13:46:40 UTC | [1.4.x] Added additional checks in is_safe_url to account for flexible parsing. This is a security fix. Disclosure following shortly. | 12 May 2014, 13:46:40 UTC |
| 28e2330 | Aymeric Augustin | 12 May 2014, 13:46:22 UTC | [1.4.x] Dropped fix_IE_for_vary/attach. This is a security fix. Disclosure following shortly. | 12 May 2014, 13:46:22 UTC |
| e181261 | Tim Graham | 28 April 2014, 23:06:25 UTC | [1.4.x] Added dates to release notes of today's release. Backport of 68d264059abb21b96c4fe68bf4d99520268a451c from master | 28 April 2014, 23:07:51 UTC |
| 48a4729 | Tim Graham | 28 April 2014, 23:03:36 UTC | [1.4.x] Post release version bump. | 28 April 2014, 23:03:36 UTC |
| b1b680c | James Bennett | 28 April 2014, 20:28:15 UTC | [1.4.x] Bump version numbers for 1.4.12 bugfix release. | 28 April 2014, 20:28:15 UTC |
| b91c385 | Tim Graham | 23 April 2014, 13:22:02 UTC | [1.4.x] Fixed #22486 -- Restored the ability to reverse views created using functools.partial. Regression in 8b93b31. Thanks rcoup for the report. Backport of 3c06b2f2a3 from master | 23 April 2014, 13:22:02 UTC |
| 1edb163 | Tim Graham | 22 April 2014, 15:50:20 UTC | [1.4.x] Post release version bump. | 22 April 2014, 15:50:20 UTC |
| 194159b | James Bennett | 21 April 2014, 22:38:26 UTC | [1.4.x] Bump version numbers for 1.4.11 security release. | 21 April 2014, 22:38:26 UTC |
| 8010908 | Erik Romijn | 21 April 2014, 10:53:34 UTC | [1.4.x] Added information on resolved security issues to release notes. Backport of c07f3e60c2d455e36ba4ac339d4283d32bbc3814 from master | 21 April 2014, 22:31:44 UTC |
| aa80f49 | Erik Romijn | 20 April 2014, 20:32:48 UTC | [1.4.x] Fixed queries that may return unexpected results on MySQL due to typecasting. This is a security fix. Disclosure will follow shortly. Backport of 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307 from master | 21 April 2014, 22:31:44 UTC |
| 1170f28 | Aymeric Augustin | 20 April 2014, 20:32:09 UTC | [1.4.x] Prevented leaking the CSRF token through caching. This is a security fix. Disclosure will follow shortly. Backport of c083e3815aec23b99833da710eea574e6f2e8566 from master | 21 April 2014, 22:31:44 UTC |
| c1a8c42 | Tim Graham | 20 April 2014, 17:35:24 UTC | [1.4.x] Fixed a remote code execution vulnerabilty in URL reversing. Thanks Benjamin Bach for the report and initial patch. This is a security fix; disclosure to follow shortly. Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master | 21 April 2014, 22:31:44 UTC |
| ca3927d | Matt Lauber | 21 April 2014, 14:48:33 UTC | [1.4.x] Corrected the section identifier for MySQL unicode reference. Backport of b2514c02e1 from master | 21 April 2014, 17:21:14 UTC |
| 83420e7 | Tim Graham | 19 April 2014, 17:01:52 UTC | [1.4.x] Fixed random aggregation_regress test_more_more_more() failure The cause was assuming that an unordered queryset returns the values always in the same order. Backport of 33dd8f544205be923e2a06106909ebcd3583526b | 19 April 2014, 17:01:52 UTC |
| f2a9f71 | Tim Graham | 24 March 2014, 11:33:04 UTC | [1.4.x] Updated six to 1.6.1. Backport of 2ec82c7387db071278201796208808de84c90dbf from master | 24 March 2014, 11:35:13 UTC |
| f108b1f | Claude Paroz | 22 March 2014, 10:14:15 UTC | [1.4.x] Clarified striptags documentation The fact that striptags cannot guarantee to really strip all non-safe HTML content was not clear enough. Also see: https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/ Partial backport (doc-only) of 6ca6c36f82 from master. | 22 March 2014, 10:19:58 UTC |
| b8713ee | Tim Graham | 01 October 2013, 14:08:36 UTC | [1.4.x] Fixed #21195 -- Clarifed usage of template_name in tutorial part 4. Backport of b66a51ad545ac726ef98966cbc35ee7aefdff8cd from master. | 05 March 2014, 21:35:37 UTC |
| 74181c0 | Tim Graham | 26 January 2014, 22:48:28 UTC | [1.4.x] Added release note stub for 1.4.11. Backport of dfa28981ce from master. | 26 January 2014, 22:50:12 UTC |
| 257f852 | Tim Graham | 26 January 2014, 20:52:39 UTC | [1.4.x] Fixed #21823 -- Upgraded six to 1.5.2 Backport of 780ae7e9f8 from master. | 26 January 2014, 20:52:39 UTC |
| 8505752 | Tim Graham | 24 January 2014, 13:52:43 UTC | [1.4.x] Fixed #21869 -- Fixed docs building with Sphinx 1.2.1. Thanks tragiclifestories for the report. Backport of e1d18b9d2e from master | 24 January 2014, 14:05:59 UTC |
| 03d9b9e | Jacob Kaplan-Moss | 07 September 2013, 17:46:42 UTC | [1.4.x] Added a note about LTS releases. Backport of a44cbca2a5f1388c6511dad48443877fa660845a from master. | 19 January 2014, 17:46:57 UTC |
| 1036e3e | Tim Graham | 17 January 2014, 14:21:34 UTC | [1.4.x] Fixed #20052 -- Discouraged use of Jython given the current state of django-jython. Thanks Josh Juneau (maintainer of django-jython) for the review. Backport of a67e327db5 from master | 17 January 2014, 14:29:57 UTC |
| 2c1d92b | Luke Plant | 02 January 2014, 12:39:00 UTC | Updated six to version 1.4.1 This is not a bugfix. But six only exists on Django 1.4.x branch to help with future compatibility, so it is helpful if it keeps up with latest Django. | 02 January 2014, 12:39:00 UTC |
| 474e7dd | Ben Spaulding | 11 December 2013, 17:28:05 UTC | [1.4.x] Fixed #21594 -- Added note about model formsets deleting objects. This behavior has been fixed in 65e03a424e. refs #10284. Backport of de1d5d5df5 from stable/1.6.x. | 11 December 2013, 19:49:22 UTC |
| 2d4f399 | Aymeric Augustin | 04 December 2013, 15:46:56 UTC | [1.4.x] Fixed #21558 -- Support building CHM files. Thanks Michał Pasternak. Backport of cd9e85ec from master. | 04 December 2013, 15:52:30 UTC |
| 2312686 | Alasdair Nicol | 02 December 2013, 17:21:48 UTC | [1.4.x] Fixed #21538 -- Added numpy to test/requirements/base.txt Thanks Tim Graham for the report Backport of c75dd664c from master | 02 December 2013, 18:45:56 UTC |
| 8e8584f | Aymeric Augustin | 23 November 2013, 13:47:09 UTC | [1.4.x] Removed obsolete deprecation notes. | 23 November 2013, 13:47:09 UTC |
| 46755c5 | Baptiste Mispelon | 15 March 2013, 18:14:01 UTC | [1.4.x] Fix #20054: Removed links to modwsgi.org. Backport of 957fcd0c9fc605bbb69e03296aede3b0bac5a8d2 from master. | 22 November 2013, 08:16:50 UTC |
| c5d071f | Tim Graham | 07 November 2013, 14:38:53 UTC | [1.4.x] Added 1.4.10 release notes to index. | 07 November 2013, 14:38:53 UTC |
| 30eb916 | James Bennett | 06 November 2013, 14:17:26 UTC | [1.4.x] Bump version info and add release notes for 1.4.10. | 06 November 2013, 14:17:26 UTC |
| 848a759 | Florian Apolloner | 02 November 2013, 17:18:18 UTC | Fixed #21362 -- Restored Python 2.5 compatibility. | 02 November 2013, 17:18:18 UTC |
| b149d1f | Aymeric Augustin | 01 November 2013, 08:21:34 UTC | Merge pull request #1837 from loic/django14 Fixed SyntaxError on Python 2.5 caused by a @unittest.skipIf class decoration. | 01 November 2013, 08:21:34 UTC |
| 7984b58 | Loic Bistuer | 31 October 2013, 20:35:29 UTC | Fixed SyntaxError on Python 2.5 caused by a @unittest.skipIf class decoration. | 31 October 2013, 20:35:29 UTC |
| d491702 | Paolo Melchiorre | 24 October 2013, 09:11:52 UTC | [1.4.x] Fixed typo in docs/releases/1.4.9.txt. Backport of 3b0293370a from master | 25 October 2013, 11:55:50 UTC |
| 11b750b | Tim Graham | 25 October 2013, 11:54:10 UTC | [1.4.x] Bump version post-release. | 25 October 2013, 11:54:10 UTC |
| 8f36d1f | James Bennett | 25 October 2013, 04:37:26 UTC | [1.4.x] Bump everything for 1.4.9 bugfix release. | 25 October 2013, 04:37:26 UTC |
| 3a46f62 | Tim Graham | 23 October 2013, 22:28:41 UTC | [1.4.x] Bumped release date for 1.5.5 & 1.4.9. Backport of 4ce5c119b5 from master | 23 October 2013, 22:29:53 UTC |
| 6de3726 | Shai Berger | 21 October 2013, 15:12:48 UTC | Fixed #13245: Explained Oracle's behavior w.r.t db_table and how to prevent table-name truncation Thanks russellm & timo for discussion, and timo for review. Backported from master 317040a73b77be8f8210801793b2ce6d1a69301e | 23 October 2013, 12:05:05 UTC |
| ead7c49 | Tim Graham | 25 September 2013, 13:33:29 UTC | [1.4.x] Added 1.4.9 release notes Backport of 2eb8f15516 from master | 23 October 2013, 00:25:20 UTC |
| c4f29c9 | Florian Apolloner | 17 September 2013, 23:14:38 UTC | [1.4.x] Fixed #21253 -- PBKDF2 with cached HMAC key This gives a 2x speed increase compared to the existing implementation. Thanks to Steve Thomas for the initial patch and Tim Graham for finishing it. Backport of 1e4f53a6eb8d1816e51eb8bd8f95e704f6b89ead from master. | 21 October 2013, 18:03:12 UTC |
| ea04c81 | Aymeric Augustin | 13 October 2013, 17:09:26 UTC | [1.4.x] Fixed #21256 -- Error in datetime_safe.datetime.combine. Backport of d9b6fb8 from master | 13 October 2013, 17:11:59 UTC |
| 037ec10 | Anssi Kääriäinen | 09 October 2013, 11:20:37 UTC | [1.4.x] Fixed #21248 -- Skipped test_bcrypt if no py-bcrypt found Pre 1.6 Django worked only with py-bcrypt, not with bcrypt. Skipped test_bcrypt when using bcrypt to avoid false positives. Backpatch of 9f8a36eb20895d9e542820d5190bfa77ad1b85d9 from stable/1.5.x. | 09 October 2013, 11:44:43 UTC |
| e2403db | Florian Apolloner | 17 September 2013, 20:59:56 UTC | [1.4.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation. Thanks go to Michael Gebetsroither for pointing out this issue and help on the patch. Backport of 68540fe4df44492571bc610a0a043d3d02b3d320 from master. | 24 September 2013, 19:20:19 UTC |
| 0317edf | Florian Apolloner | 24 September 2013, 19:19:20 UTC | Revert "[1.4.x] Ensure that passwords are never long enough for a DoS." This reverts commit 3f3d887a6844ec2db743fee64c9e53e04d39a368. This fix is no longer necessary, our pbkdf2 (see next commit) implementation no longer rehashes the password every iteration. | 24 September 2013, 19:19:20 UTC |
| ca77e38 | Tim Graham | 15 September 2013, 18:14:26 UTC | [1.4.x] Cleaned up 1.4.8 release notes Backport of 8d29005524 from master | 15 September 2013, 18:29:40 UTC |
| efee30e | Tim Graham | 15 September 2013, 16:59:10 UTC | [1.4.x] Bump version post-release. | 15 September 2013, 16:59:10 UTC |
| 629813a | Claude Paroz | 15 February 2013, 19:11:46 UTC | [1.4.x] Fixed geos test to prevent random failure Points in the test fixtures have 20 as max coordinate. Backport of 87854b0bdf354059f949350a4d63a0ed071d564c from master. | 15 September 2013, 09:45:16 UTC |
| 6903d16 | Russell Keith-Magee | 15 September 2013, 06:02:38 UTC | [1.4.x] Removed usage of b"" string syntax for Python 2.5 compatibility. Refs commit 3f3d887a6844ec2db743fee64c9e53e04d39a368. | 15 September 2013, 06:02:38 UTC |
| 3ffc7b5 | James Bennett | 15 September 2013, 05:53:07 UTC | [1.4.x] Add release notes and bump version numbers for 1.4.8 security release. | 15 September 2013, 05:53:07 UTC |
| 3f3d887 | Russell Keith-Magee | 15 September 2013, 05:49:16 UTC | [1.4.x] Ensure that passwords are never long enough for a DoS. * Limit the password length to 4096 bytes * Password hashers will raise a ValueError * django.contrib.auth forms will fail validation * Document in release notes that this is a backwards incompatible change Thanks to Josh Wright for the report, and Donald Stufft for the patch. This is a security fix; disclosure to follow shortly. Backport of aae5a96d5754ad34e48b7f673ef2411a3bbc1015 from master. | 15 September 2013, 05:49:16 UTC |
| 75d2bcd | Tim Graham | 02 August 2013, 18:46:17 UTC | Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth Thanks Collin Anderson for the report. Backport of 425d076d0c from master | 13 September 2013, 14:18:55 UTC |
| cca302c | Tim Graham | 11 September 2013, 12:17:15 UTC | [1.4.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH. Thanks EvilDMP for the report and Russell Keith-Magee for the draft text. Backport of da843e7dba from master | 11 September 2013, 12:18:56 UTC |
| 434d122 | Florian Apolloner | 11 September 2013, 11:30:45 UTC | Merge pull request #1616 from loic/fix1.4 Fixed failing test introduced by 87d2750b39. | 11 September 2013, 11:30:45 UTC |
| fba6af5 | Tim Graham | 11 September 2013, 11:02:07 UTC | [1.4.x] Bump version post-release. | 11 September 2013, 11:06:09 UTC |
| 3203f68 | Loic Bistuer | 11 September 2013, 11:05:39 UTC | Fixed failing test introduced by 87d2750b39. The {% ssi %} tag in Django 1.4 doesn't support spaces in its argument. Skip the test if run from a location that contains a space. | 11 September 2013, 11:05:39 UTC |
| 701c1a1 | James Bennett | 11 September 2013, 01:15:38 UTC | [1.4.x] Bump version numbers for 1.4.7 security release. | 11 September 2013, 01:15:38 UTC |
| d1dc8a0 | Tim Graham | 23 August 2013, 10:49:37 UTC | Added 1.4.7 release notes Backport of baec6a26dd from master | 11 September 2013, 01:09:47 UTC |
| 87d2750 | Tim Graham | 28 August 2013, 01:06:33 UTC | [1.4.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths. Thanks Rainer Koirikivi for the report and draft patch. This is a security fix; disclosure to follow shortly. Backport of 7fe5b656c9 from master | 11 September 2013, 01:05:47 UTC |
| 9ab7ed9 | Садовский Николай | 06 July 2013, 02:38:33 UTC | [1.4.x] Fixed #20707 -- Added explicit quota assignment to Oracle test user To enable testing on Oracle 12c | 09 September 2013, 12:13:18 UTC |
| 7826824 | Shai Berger | 17 August 2013, 22:45:01 UTC | [1.4.x] Fixed #20907 - Test failure on Oracle Backport of the Oracle-specific part of commit a18e43c5bb8cb7c82 from master. This commit made get_indexes more consistent across backends. Thanks Tim Graham for pointer to the commit, akaariai and ikelly for the original commit. | 17 August 2013, 22:45:01 UTC |
