Branch: refs/heads/stable/1.4.x
Home: https://github.com/django/django
Commit: 4d5e972a2c9f3e2f6ce115f7fbe44df8dd8612ef
https://github.com/django/django/commit/4d5e972a2c9f3e2f6ce115f7fbe44df8dd8612ef
Author: Tim Graham <timogra...@gmail.com>
Date: 2014-08-11 (Mon, 11 Aug 2014)
Changed paths:
A docs/releases/1.4.14.txt
M docs/releases/index.txt
Log Message:
-----------
[1.4.x] Added release note stub for 1.4.14.
Commit: c2fe73133b62a1d9e8f7a6b43966570b14618d7e
https://github.com/django/django/commit/c2fe73133b62a1d9e8f7a6b43966570b14618d7e
Author: Florian Apolloner <flor...@apolloner.eu>
Date: 2014-08-11 (Mon, 11 Aug 2014)
Changed paths:
M django/core/urlresolvers.py
M docs/releases/1.4.14.txt
M tests/regressiontests/urlpatterns_reverse/tests.py
M tests/regressiontests/urlpatterns_reverse/urls.py
Log Message:
-----------
[1.4.x] Prevented reverse() from generating URLs pointing to other hosts.
This is a security fix. Disclosure following shortly.
Commit: 30042d475bf084c6723c6217a21598d9247a9c41
https://github.com/django/django/commit/30042d475bf084c6723c6217a21598d9247a9c41
Author: Tim Graham <timogra...@gmail.com>
Date: 2014-08-11 (Mon, 11 Aug 2014)
Changed paths:
M django/core/files/storage.py
M docs/howto/custom-file-storage.txt
M docs/ref/files/storage.txt
M docs/releases/1.4.14.txt
M tests/modeltests/files/tests.py
M tests/regressiontests/file_storage/tests.py
Log Message:
-----------
[1.4.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file
names.
This is a security fix. Disclosure following shortly.
Commit: c9e3b9949cd55f090591fbdc4a114fcb8368b6d9
https://github.com/django/django/commit/c9e3b9949cd55f090591fbdc4a114fcb8368b6d9
Author: Preston Holmes <pres...@ptone.com>
Date: 2014-08-11 (Mon, 11 Aug 2014)
Changed paths:
M django/contrib/auth/middleware.py
M django/contrib/auth/tests/remote_user.py
M docs/releases/1.4.14.txt
Log Message:
-----------
[1.4.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USE
change.
This is a security fix. Disclosure following shortly.
Commit: 027bd348642007617518379f8b02546abacaa6e0
https://github.com/django/django/commit/027bd348642007617518379f8b02546abacaa6e0
Author: Simon Charette <charett...@gmail.com>
Date: 2014-08-11 (Mon, 11 Aug 2014)
Changed paths:
A django/contrib/admin/exceptions.py
M django/contrib/admin/options.py
M django/contrib/admin/views/main.py
M docs/releases/1.4.14.txt
M tests/regressiontests/admin_views/tests.py
Log Message:
-----------
[1.4.x] Prevented data leakage in contrib.admin via query string manipulation.
This is a security fix. Disclosure following shortly.
Compare: https://github.com/django/django/compare/88cb7aa6aa22...027bd3486420
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/53f4fcffe8222_7cfa3fee5462929c73472%40hookshot-fe1-cp1-prd.iad.github.net.mail.
For more options, visit https://groups.google.com/d/optout.
