Branch: refs/heads/stable/1.4.x Home: https://github.com/django/django Commit: 4d5e972a2c9f3e2f6ce115f7fbe44df8dd8612ef https://github.com/django/django/commit/4d5e972a2c9f3e2f6ce115f7fbe44df8dd8612ef Author: Tim Graham <timogra...@gmail.com> Date: 2014-08-11 (Mon, 11 Aug 2014)
Changed paths: A docs/releases/1.4.14.txt M docs/releases/index.txt Log Message: ----------- [1.4.x] Added release note stub for 1.4.14. Commit: c2fe73133b62a1d9e8f7a6b43966570b14618d7e https://github.com/django/django/commit/c2fe73133b62a1d9e8f7a6b43966570b14618d7e Author: Florian Apolloner <flor...@apolloner.eu> Date: 2014-08-11 (Mon, 11 Aug 2014) Changed paths: M django/core/urlresolvers.py M docs/releases/1.4.14.txt M tests/regressiontests/urlpatterns_reverse/tests.py M tests/regressiontests/urlpatterns_reverse/urls.py Log Message: ----------- [1.4.x] Prevented reverse() from generating URLs pointing to other hosts. This is a security fix. Disclosure following shortly. Commit: 30042d475bf084c6723c6217a21598d9247a9c41 https://github.com/django/django/commit/30042d475bf084c6723c6217a21598d9247a9c41 Author: Tim Graham <timogra...@gmail.com> Date: 2014-08-11 (Mon, 11 Aug 2014) Changed paths: M django/core/files/storage.py M docs/howto/custom-file-storage.txt M docs/ref/files/storage.txt M docs/releases/1.4.14.txt M tests/modeltests/files/tests.py M tests/regressiontests/file_storage/tests.py Log Message: ----------- [1.4.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names. This is a security fix. Disclosure following shortly. Commit: c9e3b9949cd55f090591fbdc4a114fcb8368b6d9 https://github.com/django/django/commit/c9e3b9949cd55f090591fbdc4a114fcb8368b6d9 Author: Preston Holmes <pres...@ptone.com> Date: 2014-08-11 (Mon, 11 Aug 2014) Changed paths: M django/contrib/auth/middleware.py M django/contrib/auth/tests/remote_user.py M docs/releases/1.4.14.txt Log Message: ----------- [1.4.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USE change. This is a security fix. Disclosure following shortly. Commit: 027bd348642007617518379f8b02546abacaa6e0 https://github.com/django/django/commit/027bd348642007617518379f8b02546abacaa6e0 Author: Simon Charette <charett...@gmail.com> Date: 2014-08-11 (Mon, 11 Aug 2014) Changed paths: A django/contrib/admin/exceptions.py M django/contrib/admin/options.py M django/contrib/admin/views/main.py M docs/releases/1.4.14.txt M tests/regressiontests/admin_views/tests.py Log Message: ----------- [1.4.x] Prevented data leakage in contrib.admin via query string manipulation. This is a security fix. Disclosure following shortly. Compare: https://github.com/django/django/compare/88cb7aa6aa22...027bd3486420 -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/53f4fcffe8222_7cfa3fee5462929c73472%40hookshot-fe1-cp1-prd.iad.github.net.mail. For more options, visit https://groups.google.com/d/optout.