| 8f36d1f | James Bennett | 25 October 2013, 04:37:26 UTC | [1.4.x] Bump everything for 1.4.9 bugfix release. | 25 October 2013, 04:37:26 UTC |
| 3a46f62 | Tim Graham | 23 October 2013, 22:28:41 UTC | [1.4.x] Bumped release date for 1.5.5 & 1.4.9. Backport of 4ce5c119b5 from master | 23 October 2013, 22:29:53 UTC |
| 6de3726 | Shai Berger | 21 October 2013, 15:12:48 UTC | Fixed #13245: Explained Oracle's behavior w.r.t db_table and how to prevent table-name truncation Thanks russellm & timo for discussion, and timo for review. Backported from master 317040a73b77be8f8210801793b2ce6d1a69301e | 23 October 2013, 12:05:05 UTC |
| ead7c49 | Tim Graham | 25 September 2013, 13:33:29 UTC | [1.4.x] Added 1.4.9 release notes Backport of 2eb8f15516 from master | 23 October 2013, 00:25:20 UTC |
| c4f29c9 | Florian Apolloner | 17 September 2013, 23:14:38 UTC | [1.4.x] Fixed #21253 -- PBKDF2 with cached HMAC key This gives a 2x speed increase compared to the existing implementation. Thanks to Steve Thomas for the initial patch and Tim Graham for finishing it. Backport of 1e4f53a6eb8d1816e51eb8bd8f95e704f6b89ead from master. | 21 October 2013, 18:03:12 UTC |
| ea04c81 | Aymeric Augustin | 13 October 2013, 17:09:26 UTC | [1.4.x] Fixed #21256 -- Error in datetime_safe.datetime.combine. Backport of d9b6fb8 from master | 13 October 2013, 17:11:59 UTC |
| 037ec10 | Anssi Kääriäinen | 09 October 2013, 11:20:37 UTC | [1.4.x] Fixed #21248 -- Skipped test_bcrypt if no py-bcrypt found Pre 1.6 Django worked only with py-bcrypt, not with bcrypt. Skipped test_bcrypt when using bcrypt to avoid false positives. Backpatch of 9f8a36eb20895d9e542820d5190bfa77ad1b85d9 from stable/1.5.x. | 09 October 2013, 11:44:43 UTC |
| e2403db | Florian Apolloner | 17 September 2013, 20:59:56 UTC | [1.4.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation. Thanks go to Michael Gebetsroither for pointing out this issue and help on the patch. Backport of 68540fe4df44492571bc610a0a043d3d02b3d320 from master. | 24 September 2013, 19:20:19 UTC |
| 0317edf | Florian Apolloner | 24 September 2013, 19:19:20 UTC | Revert "[1.4.x] Ensure that passwords are never long enough for a DoS." This reverts commit 3f3d887a6844ec2db743fee64c9e53e04d39a368. This fix is no longer necessary, our pbkdf2 (see next commit) implementation no longer rehashes the password every iteration. | 24 September 2013, 19:19:20 UTC |
| ca77e38 | Tim Graham | 15 September 2013, 18:14:26 UTC | [1.4.x] Cleaned up 1.4.8 release notes Backport of 8d29005524 from master | 15 September 2013, 18:29:40 UTC |
| efee30e | Tim Graham | 15 September 2013, 16:59:10 UTC | [1.4.x] Bump version post-release. | 15 September 2013, 16:59:10 UTC |
| 629813a | Claude Paroz | 15 February 2013, 19:11:46 UTC | [1.4.x] Fixed geos test to prevent random failure Points in the test fixtures have 20 as max coordinate. Backport of 87854b0bdf354059f949350a4d63a0ed071d564c from master. | 15 September 2013, 09:45:16 UTC |
| 6903d16 | Russell Keith-Magee | 15 September 2013, 06:02:38 UTC | [1.4.x] Removed usage of b"" string syntax for Python 2.5 compatibility. Refs commit 3f3d887a6844ec2db743fee64c9e53e04d39a368. | 15 September 2013, 06:02:38 UTC |
| 3ffc7b5 | James Bennett | 15 September 2013, 05:53:07 UTC | [1.4.x] Add release notes and bump version numbers for 1.4.8 security release. | 15 September 2013, 05:53:07 UTC |
| 3f3d887 | Russell Keith-Magee | 15 September 2013, 05:49:16 UTC | [1.4.x] Ensure that passwords are never long enough for a DoS. * Limit the password length to 4096 bytes * Password hashers will raise a ValueError * django.contrib.auth forms will fail validation * Document in release notes that this is a backwards incompatible change Thanks to Josh Wright for the report, and Donald Stufft for the patch. This is a security fix; disclosure to follow shortly. Backport of aae5a96d5754ad34e48b7f673ef2411a3bbc1015 from master. | 15 September 2013, 05:49:16 UTC |
| 75d2bcd | Tim Graham | 02 August 2013, 18:46:17 UTC | Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth Thanks Collin Anderson for the report. Backport of 425d076d0c from master | 13 September 2013, 14:18:55 UTC |
| cca302c | Tim Graham | 11 September 2013, 12:17:15 UTC | [1.4.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH. Thanks EvilDMP for the report and Russell Keith-Magee for the draft text. Backport of da843e7dba from master | 11 September 2013, 12:18:56 UTC |
| 434d122 | Florian Apolloner | 11 September 2013, 11:30:45 UTC | Merge pull request #1616 from loic/fix1.4 Fixed failing test introduced by 87d2750b39. | 11 September 2013, 11:30:45 UTC |
| fba6af5 | Tim Graham | 11 September 2013, 11:02:07 UTC | [1.4.x] Bump version post-release. | 11 September 2013, 11:06:09 UTC |
| 3203f68 | Loic Bistuer | 11 September 2013, 11:05:39 UTC | Fixed failing test introduced by 87d2750b39. The {% ssi %} tag in Django 1.4 doesn't support spaces in its argument. Skip the test if run from a location that contains a space. | 11 September 2013, 11:05:39 UTC |
| 701c1a1 | James Bennett | 11 September 2013, 01:15:38 UTC | [1.4.x] Bump version numbers for 1.4.7 security release. | 11 September 2013, 01:15:38 UTC |
| d1dc8a0 | Tim Graham | 23 August 2013, 10:49:37 UTC | Added 1.4.7 release notes Backport of baec6a26dd from master | 11 September 2013, 01:09:47 UTC |
| 87d2750 | Tim Graham | 28 August 2013, 01:06:33 UTC | [1.4.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths. Thanks Rainer Koirikivi for the report and draft patch. This is a security fix; disclosure to follow shortly. Backport of 7fe5b656c9 from master | 11 September 2013, 01:05:47 UTC |
| 9ab7ed9 | Садовский Николай | 06 July 2013, 02:38:33 UTC | [1.4.x] Fixed #20707 -- Added explicit quota assignment to Oracle test user To enable testing on Oracle 12c | 09 September 2013, 12:13:18 UTC |
| 7826824 | Shai Berger | 17 August 2013, 22:45:01 UTC | [1.4.x] Fixed #20907 - Test failure on Oracle Backport of the Oracle-specific part of commit a18e43c5bb8cb7c82 from master. This commit made get_indexes more consistent across backends. Thanks Tim Graham for pointer to the commit, akaariai and ikelly for the original commit. | 17 August 2013, 22:45:01 UTC |
| d9dc981 | Shai Berger | 15 August 2013, 00:30:51 UTC | [1.4.x] Fixed #20904: Test failure on Oracle Just skip the failing test, the failure isn't really relevant; also, both the test and the reason for its failure were removed in 1.5. Thanks Tim Graham for advice on 1.5. | 17 August 2013, 20:12:01 UTC |
| d5da495 | Luke Plant | 24 December 2012, 01:33:44 UTC | [1.4.x] Fixed #20906 -- Fixed a dependence on set-ordering in tests Backport of 1ae64e96c1 from master | 16 August 2013, 21:55:08 UTC |
| bf611f1 | Anssi Kääriäinen | 29 April 2012, 16:48:43 UTC | [1.4.x] Fixed #20905 -- Fixed an Oracle-specific test case failure Made a test checking ORM-generated query string case-insensitive. Backport of ee0a7c741e from master | 16 August 2013, 16:23:05 UTC |
| 08e5fcb | Florian Apolloner | 13 August 2013, 20:34:52 UTC | Fixed regression in validation tests since example.com is available via https now. | 13 August 2013, 20:34:52 UTC |
| 0d4ef66 | Jacob Kaplan-Moss | 13 August 2013, 17:16:28 UTC | Bump version post-release. | 13 August 2013, 17:16:41 UTC |
| d77ce64 | Tim Graham | 13 August 2013, 17:15:54 UTC | [1.4.x] Removed 1.5.2 release notes | 13 August 2013, 17:15:54 UTC |
| 506913c | Jacob Kaplan-Moss | 13 August 2013, 16:24:46 UTC | Stole the Makefile for building packages from master. | 13 August 2013, 16:24:46 UTC |
| e61e20e | Tim Graham | 13 August 2013, 16:16:30 UTC | Added 1.4.6/1.5.2 release notes. | 13 August 2013, 16:18:07 UTC |
| 30e17be | Jacob Kaplan-Moss | 13 August 2013, 16:09:05 UTC | Bumped version numbers for 1.4.6. | 13 August 2013, 16:09:05 UTC |
| ec67af0 | Jacob Kaplan-Moss | 13 August 2013, 16:00:13 UTC | Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S. This is a security fix; disclosure to follow shortly. | 13 August 2013, 16:00:13 UTC |
| b50be68 | Tim Graham | 12 August 2013, 17:20:58 UTC | [1.4.x] Added missing release notes for older versions of Django Backport of 3f6cc33cff from master | 12 August 2013, 18:11:10 UTC |
| 8af0b1a | Tim Graham | 31 July 2013, 13:24:29 UTC | [1.4.x] Added a bugfix in docutils 0.11 -- docs will now build properly. Backport of a3a59a3197 from master | 31 July 2013, 14:14:38 UTC |
| ed6ec47 | SusanTan | 30 July 2013, 09:11:15 UTC | [1.4.x] Fixed #20779 -- Documented AdminSite.app_index_template; refs #8498. Thanks CollinAnderson for the report. Backport of 7de35a9ef3 from master | 31 July 2013, 11:09:52 UTC |
| f3a961f | mark hellewell | 25 July 2013, 12:48:22 UTC | [1.4.x] Fixed #18315 -- Documented QueryDict.popitem and QueryDict.pop Thanks gcbirzan for the report. Backport of 8c9240222f from master | 25 July 2013, 15:09:25 UTC |
| eda39fe | Brenton Cleeland | 25 July 2013, 10:57:49 UTC | [1.4.x] Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs. Thanks simonb for the report. Backport of dab52d99fc from master | 25 July 2013, 11:39:53 UTC |
| dfe36f1 | Matt Deacalion Stevens | 18 July 2013, 11:53:54 UTC | [1.4.x] Atom specification URL updated Changed to the URL of the official RFC for Atom, since Atomenabled.org is just a holding page. Backport of beefc97171 from master | 18 July 2013, 12:48:11 UTC |
| 6b4b18e | Tim Graham | 17 July 2013, 10:50:40 UTC | [1.4.x] Fixed #20756 -- Typo in uWSGI docs. Backport of a3242dc9fe from master | 17 July 2013, 10:51:48 UTC |
| 288d70f | Tim Graham | 11 July 2013, 15:06:34 UTC | [1.4.x] Fixed #20730 -- Fixed "Programmatically creating permissions" error. Thanks glarrain for the report. Backport of 684a606a4e from master | 11 July 2013, 15:10:26 UTC |
| e897134 | Tim Graham | 01 July 2013, 17:58:04 UTC | [1.4.x] Fixed #19196 -- Added test/requirements Backport of 4d92a0bd86 from master | 10 July 2013, 16:12:15 UTC |
| 7b7592c | Tim Graham | 08 July 2013, 19:01:37 UTC | [1.4.x] Fixed #18944 -- Documented PasswordResetForm's from_email argument as a backwards incompatible change for 1.3 Thanks DrMeers for the report. Backport of dab921751d from master | 08 July 2013, 19:06:45 UTC |
| 165cc1d | Baptiste Mispelon | 27 June 2013, 07:42:09 UTC | [1.4.x] Fixed #20665 -- Missing backslash in sitemaps documentation Backport of 5005303ae7919eef26dab9f8ba279696966ebf1d from master. | 27 June 2013, 07:45:58 UTC |
| e2b8657 | Aymeric Augustin | 24 June 2013, 19:00:28 UTC | [1.4.x] Fixed oversight in e3b6fed3. Refs #20636. | 24 June 2013, 19:00:28 UTC |
| e3b6fed | Aymeric Augustin | 24 June 2013, 17:48:23 UTC | [1.4.x] Fixed #20636 -- Stopped stuffing values in the settings. In Django < 1.6, override_settings restores the settings module that was active when the override_settings call was executed, not when it was run. This can make a difference when override_settings is applied to a class, since it's executed when the module is imported, not when the test case is run. In addition, if the settings module for tests is stored alongside the tests themselves, importing the settings module can trigger an import of the tests. Since the settings module isn't fully imported yet, class-level override_settings statements may store a reference to an incorrect settings module. Eventually this will result in a crash during test teardown because the settings module restored by override_settings won't the one that was active during test setup. While Django should prevent this situation in the future by failing loudly in such dubious import sequences, that change won't be backported to 1.5 and 1.4. However, these versions received the "allowed hosts" patch and they're prone to "AttributeError: 'Settings' object has no attribute '_original_allowed_hosts'". To mitigate this regression, this commits stuffs _original_allowed_hosts on a random module instead of the settings module. This problem shouldn't occur in Django 1.6, see #20290, but this patch will be forward-ported for extra safety. Also tweaked backup variable names for consistency. Backport of 0261922 from stable/1.5.x. Conflicts: django/test/utils.py | 24 June 2013, 18:42:42 UTC |
| c97cc85 | Tim Graham | 31 May 2013, 12:07:40 UTC | [1.4.x] Fixed #20326 - Corrected form wizard get_form() example. Thanks tris@ for the report. Backport of 646a2216e9 from master | 31 May 2013, 12:09:17 UTC |
| 9b5fe02 | Gavin Wahl | 29 May 2013, 22:33:51 UTC | [1.4.x] Fixed regroup example. Chicago was missing. Backport of e6ff238 from master. | 30 May 2013, 01:52:25 UTC |
| 227d7f6 | Tim Graham | 28 May 2013, 15:54:53 UTC | [1.4.x] Fixed #20523 - Incorrect form field for FilePathField. Thanks sane4ka.sh@ for the report. Backport of 1fdc3d256d from master | 28 May 2013, 16:00:04 UTC |
| 1deeda5 | Tim Graham | 24 May 2013, 16:35:20 UTC | [1.5.x] Fixed #20492 - Removed a broken link in GIS docs. Backport of fbab3209fc from master | 24 May 2013, 16:36:25 UTC |
| e149d8e | Alasdair Nicol | 24 May 2013, 13:36:17 UTC | [1.4.x] Updated link to jQuery Cookie plugin site Backport of 81f454a322 from master | 24 May 2013, 16:26:23 UTC |
| 5283450 | Wilfred Hughes | 14 May 2013, 10:40:33 UTC | [1.4.x] Fixed a minor spelling mistake in the queryset documentation Backport of d258cce482 from master | 14 May 2013, 14:32:38 UTC |
| 6297673 | Alex Gaynor | 31 August 2012, 02:19:11 UTC | [1.5.X] Fixed #18883 -- added a missing self parameter in the docs Backport of 17d57275f9 from master | 14 May 2013, 00:50:37 UTC |
| fbac080 | Tim Graham | 30 March 2013, 12:36:31 UTC | [1.4.X] Fixed #18277 - Clarified startproject documentation. Backport of 33503600b5 from master | 30 March 2013, 12:38:42 UTC |
| d2b8834 | Nimesh Ghelani | 29 March 2013, 19:31:56 UTC | [1.4.x] Fixed #20150 -- Fixed an error in manager doc example Backport of 485c024567 from master | 29 March 2013, 19:55:52 UTC |
| 4c6fb23 | Carl Meyer | 28 March 2013, 21:11:17 UTC | [1.4.x] Bump version to no longer claim to be 1.4.5 final. | 28 March 2013, 21:11:17 UTC |
| 41af26d | Donald Stufft | 26 March 2013, 17:32:19 UTC | Merge pull request #962 from dstufft/document-bcrypt-truncation-1.4.x Document password truncation with BCryptPasswordHasher | 26 March 2013, 17:32:19 UTC |
| 843034a | Donald Stufft | 26 March 2013, 16:56:40 UTC | Document password truncation with BCryptPasswordHasher | 26 March 2013, 17:28:55 UTC |
| 577a27a | Claude Paroz | 27 February 2013, 20:28:55 UTC | [1.4.x] Fixed #19926 -- Fixed a link to code example in queries docs Thanks Randy Salvo for the report. | 02 March 2013, 19:13:47 UTC |
| 97a67b2 | Aymeric Augustin | 25 February 2013, 19:01:57 UTC | [1.4.x] Fixed #18144 -- Restored compatibility with SHA1 hashes with empty salt. Thanks dahool for the report and initial version of the patch. Backport of 633d8de from master. | 25 February 2013, 19:18:04 UTC |
| 52bac4e | Tim Graham | 25 February 2013, 18:01:15 UTC | [1.4.x] Fixed #19911 - Updated generic view links. Thanks marc@ for the report. | 25 February 2013, 18:01:15 UTC |
| db1e8bd | Tim Graham | 19 February 2013, 23:19:50 UTC | [1.4.x] Fixed #19728 - Updated API stability doc to reflect current meaning of "stable". Backport of 132d5822b0 from master. | 25 February 2013, 17:55:12 UTC |
| 0f555f8 | Preston Holmes | 24 February 2013, 03:25:00 UTC | [1.4.x] Fixed #19902 -- backport of as_view docs | 24 February 2013, 03:25:38 UTC |
| 3872bc5 | Anssi Kääriäinen | 20 February 2013, 01:08:55 UTC | [1.4.x] Made a couple of selenium tests wait for page loaded The admin_widgets tests were issuing click() to the browser but didn't wait for the effects of those clicks. This caused the resulting request to be processed concurrently with the test case. When using in-memory SQLite this caused weird failures. Also added wait_page_loaded() to admin selenium tests for code reuse. Fixed #19856, cherry-pick of 50677b29af39ca670274fb45087415c883c78b04 | 20 February 2013, 22:03:39 UTC |
| 67a937c | James Bennett | 20 February 2013, 19:53:27 UTC | [1.4.x] Bump version numbers to roll a clean package. | 20 February 2013, 19:53:27 UTC |
| 3adfc3f | Carl Meyer | 20 February 2013, 19:26:54 UTC | [1.4.x] Note that ALLOWED_HOSTS default changes in Django 1.5. | 20 February 2013, 19:26:54 UTC |
| 4cdfb24 | Carl Meyer | 20 February 2013, 01:36:44 UTC | [1.4.x] Fixed #19857 -- Fixed broken docs link in project template. | 20 February 2013, 01:36:44 UTC |
| 5d1791f | Carl Meyer | 20 February 2013, 01:22:22 UTC | [1.4.x] Don't characterize XML vulnerabilities as DoS-only. | 20 February 2013, 01:22:22 UTC |
| f61f800 | James Bennett | 19 February 2013, 20:17:23 UTC | [1.4.x] Bump version numbers for security release. | 19 February 2013, 20:17:23 UTC |
| 62d5338 | Carl Meyer | 12 February 2013, 22:33:38 UTC | [1.4.x] Update 1.4.4 release notes for all security fixes. | 19 February 2013, 18:48:46 UTC |
| 0cc350a | Aymeric Augustin | 12 February 2013, 10:22:41 UTC | [1.4.x] Added a default limit to the maximum number of forms in a formset. This is a security fix. Disclosure and advisory coming shortly. | 19 February 2013, 17:37:54 UTC |
| 0e7861a | Carl Meyer | 04 February 2013, 23:57:59 UTC | [1.4.x] Checked object permissions on admin history view. This is a security fix. Disclosure and advisory coming shortly. Patch by Russell Keith-Magee. | 19 February 2013, 17:37:54 UTC |
| 1c60d07 | Carl Meyer | 12 February 2013, 04:54:53 UTC | [1.4.x] Restrict the XML deserializer to prevent network and entity-expansion DoS attacks. This is a security fix. Disclosure and advisory coming shortly. | 19 February 2013, 17:37:54 UTC |
| 9936fdb | Carl Meyer | 09 February 2013, 18:32:51 UTC | [1.4.x] Added ALLOWED_HOSTS setting for HTTP host header validation. This is a security fix; disclosure and advisory coming shortly. | 19 February 2013, 17:37:54 UTC |
| 57b62a7 | Tim Graham | 16 February 2013, 23:31:54 UTC | [1.4.x] Fixed #19824 - Corrected the class described for Field.primary_key from IntegerField to AutoField. Thanks Keryn Knight. Backport of 218bbef0c4 from master | 16 February 2013, 23:34:34 UTC |
| 83e512f | Tim Graham | 16 February 2013, 23:23:39 UTC | [1.4.x] Fixed #19812 - Removed a duplicate phrase in the widget docs. Thanks diegueus9 for the report and itsallvoodoo for the draft patch. Backport of 7a80904b00 from master | 16 February 2013, 23:25:22 UTC |
| 3d63889 | Alex Hunley | 16 February 2013, 19:30:55 UTC | [1.4.x] Fixed #19719 - Removed misleading example from ModelForm documentation Backport of 976dc07baf from master | 16 February 2013, 23:09:43 UTC |
| 9eb7d59 | Tim Graham | 13 February 2013, 01:04:15 UTC | [1.4.x] Fixed #19815 - Removed an unused import in tutorial 3. Thanks pedro.calcao@ for the report. | 13 February 2013, 01:04:15 UTC |
| dec7dd9 | Anssi Kääriäinen | 12 February 2013, 21:11:22 UTC | [1.4.x] Removed try-except in django.db.close_connection() The reason was that the except clause needed to remove a connection from the django.db.connections dict, but other parts of Django do not expect this to happen. In addition the except clause was silently swallowing the exception messages. Refs #19707, special thanks to Carl Meyer for pointing out that this approach should be taken. | 12 February 2013, 22:39:43 UTC |
| b4fb448 | Claude Paroz | 11 February 2013, 07:40:11 UTC | Fixed WSGIPythonPath instruction in deployment docs Partial backport of 3abf6105b6 from master. Refs #19042. | 11 February 2013, 07:42:09 UTC |
| 209f174 | Anssi Kääriäinen | 10 February 2013, 19:49:03 UTC | [1.4.x] Made custom m2m fields without through easier to use The change in f105fbe52b21da206bfbaedf0e92326667d7b2d4 made through=None m2m fields fail in cases where they worked before. It isn't possible to create such fields using public APIs. The fix is trivial, so it seems worth fixing this for custom m2m field users. This is not a backport from master. Master has gotten enough other changes to related fields internal API that this fix alone isn't enough to do any good. | 10 February 2013, 19:57:05 UTC |
| 9918b3f | Anssi Kääriäinen | 05 February 2013, 21:52:29 UTC | [1.4.x] Fixed #19707 -- Reset transaction state after requests Backpatch of a4e97cf315142e61bb4bc3ed8259b95d8586d09c. | 10 February 2013, 15:34:38 UTC |
| 498a5de | Anssi Kääriäinen | 10 February 2013, 15:06:52 UTC | [1.4.x] Fixed #19645 -- Added tests for TransactionMiddleware Backpatch of f556df90be995a83b979cf875705d98521ab4dc7. Backpatching these tests so that it will be easier to backpatch the fix for #19707. | 10 February 2013, 15:34:27 UTC |
| 056b2b5 | Tim Graham | 07 February 2013, 11:12:25 UTC | [1.4.x] Fixed #19756 - Corrected a ManyToMany example and added some links and markup. Backport of 43efefae69 from master | 07 February 2013, 12:04:52 UTC |
| ec93ecd | Claude Paroz | 02 February 2013, 13:21:26 UTC | [1.4.x] Fixed #19702 -- Changed a SQL command syntax to be MySQL 4-compatible Thanks matf at op.pl for the report. | 02 February 2013, 13:24:35 UTC |
| 3610d11 | Claude Paroz | 02 February 2013, 13:00:38 UTC | [1.5.x] Lowered field ordering requirement in ogrinspect test This test was randomly failing depending on the library environment. Backport of a1c470a6f from master. | 02 February 2013, 13:08:59 UTC |
| 6bd3896 | Claude Paroz | 02 February 2013, 10:57:25 UTC | [1.4.x] Fixed #18144 -- Added backwards compatibility with old unsalted MD5 passwords Thanks apreobrazhensky at gmail.com for the report. Backport of 63d6a50dd from master. | 02 February 2013, 11:10:38 UTC |
| 89ba1b2 | Tim Graham | 08 January 2013, 20:43:35 UTC | [1.4.x] Fixed #19555 - Removed '2012' from tutorial 1. Thanks rodrigorosa.lg and others for the report. Backport of 99315f709e from master | 17 January 2013, 21:41:05 UTC |
| c26541f | Tim Graham | 10 January 2013, 00:03:34 UTC | [1.4.x] Addeded CSS to bold deprecation notices. Thanks Sam Lai for mentioning this on the mailing list. Backport of 227bd3f8db from master | 10 January 2013, 00:05:20 UTC |
| c4a9e5b | Tim Graham | 21 December 2012, 20:52:06 UTC | [1.4.X] Fixed #19506 - Remove 'mysite' prefix in model example. Thanks Mike O'Connor for the report. Backport of 52a2588df6 from master | 21 December 2012, 20:53:44 UTC |
| 6474105 | Ramiro Morales | 19 December 2012, 18:07:52 UTC | [1.4.x] Added PASSWORD_HASHERS to settings reference document. abd0f304b162b3120b1c7321fbfc3090e5f3c92c from master. | 19 December 2012, 18:13:06 UTC |
| 8ab2ace | Alex Gaynor | 11 April 2012, 02:03:59 UTC | [1.4.X] Fixed #18099 -- corrected a typo in the initial data docs. Thanks to Bradley Ayers for the patch. Backport of f5a9e5e9 from master | 15 December 2012, 21:42:19 UTC |
| f2530dc | Florian Apolloner | 10 December 2012, 22:34:51 UTC | [1.4.X] Fixed a test failure in the comment tests. Backport of 1eb0da1c5ba3096f218d1df13d02a2b8e1ac7a36 from master. | 10 December 2012, 22:37:12 UTC |
| 1f0af3c | James Bennett | 10 December 2012, 21:45:04 UTC | [1.4.x] Bump version numbers for security release. | 10 December 2012, 21:45:04 UTC |
| 319627c | Florian Apolloner | 27 November 2012, 21:26:29 UTC | [1.4.X] Fixed a security issue in get_host. Full disclosure and new release forthcoming. | 10 December 2012, 21:14:16 UTC |
| b2ae0a6 | Florian Apolloner | 17 November 2012, 21:00:53 UTC | [1.4.X] Fixed #18856 -- Ensured that redirects can't be poisoned by malicious users. | 10 December 2012, 21:14:16 UTC |
| 8c9a8fd | Julien Phalip | 04 December 2012, 18:36:56 UTC | [1.4.x] Fixed the admin_filters tests for Postgres. Backport of c196e01100b2 | 04 December 2012, 18:41:22 UTC |
| c721722 | Sebastián Magrí | 19 November 2012, 01:04:39 UTC | [1.4.x] Fixed #19318 -- Ensured that the admin's SimpleListFilter options can be displayed as selected even if the lookup's first element is not a string. Backport of 88e17156393b | 04 December 2012, 04:58:54 UTC |
