Branch: refs/heads/stable/1.5.x Home: https://github.com/django/django Commit: 25d9ae5214b59f06f385190733914eaa459751ff https://github.com/django/django/commit/25d9ae5214b59f06f385190733914eaa459751ff Author: Tim Graham <timogra...@gmail.com> Date: 2014-08-20 (Wed, 20 Aug 2014)
Changed paths: A docs/releases/1.4.14.txt A docs/releases/1.5.9.txt M docs/releases/index.txt Log Message: ----------- [1.5.x] Added release note stubs for 1.5.9 and 1.4.14. Commit: 45ac9d4fb087d21902469fc22643f5201d41a0cd https://github.com/django/django/commit/45ac9d4fb087d21902469fc22643f5201d41a0cd Author: Florian Apolloner <flor...@apolloner.eu> Date: 2014-08-20 (Wed, 20 Aug 2014) Changed paths: M django/core/urlresolvers.py M docs/releases/1.4.14.txt M docs/releases/1.5.9.txt M tests/regressiontests/urlpatterns_reverse/tests.py M tests/regressiontests/urlpatterns_reverse/urls.py Log Message: ----------- [1.5.x] Prevented reverse() from generating URLs pointing to other hosts. This is a security fix. Disclosure following shortly. Commit: 26cd48e166ac4d84317c8ee6d63ac52a87e8da99 https://github.com/django/django/commit/26cd48e166ac4d84317c8ee6d63ac52a87e8da99 Author: Tim Graham <timogra...@gmail.com> Date: 2014-08-20 (Wed, 20 Aug 2014) Changed paths: M django/core/files/storage.py M docs/howto/custom-file-storage.txt M docs/ref/files/storage.txt M docs/releases/1.4.14.txt M docs/releases/1.5.9.txt M tests/modeltests/files/tests.py M tests/regressiontests/file_storage/tests.py Log Message: ----------- [1.5.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names. This is a security fix. Disclosure following shortly. Commit: dd68f319b365f6cb38c5a6c106faf4f6142d7d88 https://github.com/django/django/commit/dd68f319b365f6cb38c5a6c106faf4f6142d7d88 Author: Preston Holmes <pres...@ptone.com> Date: 2014-08-20 (Wed, 20 Aug 2014) Changed paths: M django/contrib/auth/middleware.py M django/contrib/auth/tests/remote_user.py M docs/releases/1.4.14.txt M docs/releases/1.5.9.txt Log Message: ----------- [1.5.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USE change. This is a security fix. Disclosure following shortly. Commit: 2a446c896e7c814661fb9c4f212b071b2a7fa446 https://github.com/django/django/commit/2a446c896e7c814661fb9c4f212b071b2a7fa446 Author: Simon Charette <charett...@gmail.com> Date: 2014-08-20 (Wed, 20 Aug 2014) Changed paths: A django/contrib/admin/exceptions.py M django/contrib/admin/options.py M django/contrib/admin/views/main.py M docs/releases/1.4.14.txt M docs/releases/1.5.9.txt M tests/regressiontests/admin_views/tests.py Log Message: ----------- [1.5.x] Prevented data leakage in contrib.admin via query string manipulation. This is a security fix. Disclosure following shortly. Compare: https://github.com/django/django/compare/27ab82f7fc72...2a446c896e7c -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/53f4fcfd94c87_8a03fec705bf29c1010af%40hookshot-fe2-cp1-prd.iad.github.net.mail. For more options, visit https://groups.google.com/d/optout.