Django 1.3.1
High-level Python web framework
Packager: Gökhan Özbulak
License: BSD
Release history
Release | Release date | Version | Updater | Comment |
---|---|---|---|---|
29 | 2011-09-12 | 1.3.1 | Gökhan Özbulak | Version bump to fix multiple vulnerabilities (pb#19128): * Session manipulation * Denial of Service (DoS) attack via URLField * URLField redirection * Host header cache poisoning * Host header and bypass CSRF protection * Cross-subdomain CSRF attacks * Sensitive POST data such as plain-text password in DEBUG pages |
28 | 2011-06-01 | 1.3 | Gökhan Özbulak | Make Django-docs package and version bump: - Class-based view support - Support for logging module of Python - Extended handling of static files such as CSS, javascript - Support to unittest module shipped with Python 2.7 by unittest2 module - Configurable delete-cascade support - Improvements on built-in template tags - GeoDjango test suite - Some bugfixes and improvements for existing features |
27 | 2011-02-10 | 1.2.5 | Gökmen Görgen | * Version bump. Fixed two vulnerabilities in this version: - Flaw in CSRF handling - Potential XSS in file field rendering |
26 | 2010-12-27 | 1.2.4 | Gökmen Görgen | * Version bump: - Fixed two vulnerabilities in this version: - Leakage in Django administrative interface - Denial-of-service attack in password-reset mechanism |
25 | 2010-10-13 | 1.2.3 | Gökçen Eraslan | Mass rebuild for Pardus 2011 Beta |
24 | 2010-09-12 | 1.2.3 | Ahmet AYGÜN | * Version bump: - Security issue about csrf_token template tag is solved in 1.2.2. - The patch applied for the security issue covered in Django 1.2.2 caused issues with non-ASCII responses using CSRF tokens. This has been remedied. - The patch also caused issues with some forms, most notably the user-editing forms in the Django administrative interface. This has been remedied. - The packaging manifest did not contain the full list of required files. This has been remedied. |
23 | 2010-06-10 | 1.2.1 | Gökmen Görgen | * Version bump: - Updated Polish localization. - Applying the correct username restrictions during superuser creation. - Fix localization with SplitDateTimeField and other multi-value fields/widgets. - Ensuring the cached template loader uses the correct full template path. - Fixing a few typos in the documentation. |
22 | 2010-05-15 | 1.2 | Gökmen Görgen | * Stable version bump: - Support for multiple database connections in a single Django instance. - Model validation inspired by Django's form validation. - Vastly improved protection against Cross-Site Request Forgery (CSRF). - A new user “messages” framework with support for cookie- and session-based message for both anonymous and authenticated users. - Hooks for object-level permissions, permissions for anonymous users, and more flexible username requirements. - Customization of e-mail sending via e-mail backends. - New “smart” if template tag which supports comparison operators. |
21 | 2010-04-14 | 1.2b_1 | Gökmen Görgen | * Update to beta version. |
20 | 2010-03-19 | 1.1.1 | Gökmen Görgen | * Version bump: - ORM improvements: Aggregate support, and query expressions. - Model Improvements: Unmanaged and proxy models, deferred fields. - Test Performance Improvements: - Test client improvements: The test Client now can automatically follow redirects with the follow argument to Client.get() and Client.post(). This makes testing views that issue redirects simpler. - It's now easier to get at the template context in the response returned by the test client: you'll simply access the context as request.context[key]. The old way, which treats request.context as a list of contexts, one for each rendered template in the inheritance chain, is still available if you need it. - New Admin Features: Editable fields on the change list, and admin actions. - Conditional view processing, URL namespaces, GeoDjango improvements and more new features. * Fix license information. * Remove unrequired patch that's also included in this version. * Fix summary. * Fix Turkish translations. * Remove unrequired modules from actions.py. * Fix copyright date information as 2006-2010. * Add build function for checking compile process. |
19 | 2009-10-11 | 1.0.3 | Eren Türkay | Fix denial of service vulnerability caused by regular expression module. |
18 | 2009-08-05 | 1.0.3 | Bahadır Kandemir | New release fixes unauthorized users accessing any readable content on development servers. |
17 | 2009-06-08 | 1.0.2 | Bahadır Kandemir | Fixed build problems |
16 | 2008-11-23 | 1.0.2 | Ahmet AYGÜN | New version includes updated translations, some bug fixes and some improvements on unicode functions. |
15 | 2008-09-04 | 1.0 | Ahmet AYGÜN | Version bump to fix cross-site request forgery (CSRF). |
14 | 2008-06-17 | 0.96.2 | S.Çağlar Onur | Version bump |
13 | 2008-05-23 | 0.96.1 | Eren Türkay | Properly add Csrf protection middleware into default project settings.py. Csrf middleware should come before SessionMiddleware. |
12 | 2008-05-14 | 0.96.1 | Eren Türkay | Escape request.path before use as form's submission action in admin login page. http://www.djangoproject.com/weblog/2008/may/14/security/ |
11 | 2007-11-13 | 0.96.1 | Eren Türkay | Enable csrf protecting middleware by default, when user creates a project, csrf middleware will be automatically added. |
10 | 2007-10-27 | 0.96.1 | Eren Türkay | Fix possible ddos attack caused by i18n caching system. |
9 | 2007-06-17 | 0.96 | Eren Türkay | A patch for making django be aware of LOGIN_URL and LOGIN_REDIRECT_URL in settings.py |
8 | 2007-05-29 | 0.96 | Bahadır Kandemir | New release |
7 | 2007-02-25 | 0.95.1 | S.Çağlar Onur | Akismet support |
6 | 2007-02-18 | 0.95.1 | S.Çağlar Onur | Override FreeComment's save method to send a mail |
5 | 2007-01-25 | 0.95.1 | S.Çağlar Onur | A patch which disables debugging mode in the flup FastCGI package Django uses to launch its FastCGI server, which prevents tracebacks from bubbling up during production use |
4 | 2007-01-19 | 0.95 | İsmail Dönmez | Fix two security bugs, ref. http://secunia.com/advisories/23826/ |
3 | 2006-10-15 | 0.95 | S.Çağlar Onur | Add missing dep |
2 | 2006-09-30 | 0.95 | Bahadır Kandemir | Turkish translation and fixes. |
1 | 2006-08-31 | 0.95 | Barış Metin | First release. |
Patches
local-settings.patch
enable-csrf-protection-by-default.patch