Django

Django 1.3.1

High-level Python web framework

http://www.djangoproject.com

Packager: Gökhan Özbulak

License: BSD

Binary packages

Django
Django-docs

Release history

Release | Release date | Version | Updater | Comment
29 | 2011-09-12 | 1.3.1 | Gökhan Özbulak | Version bump to fix multiple vulnerabilities (pb#19128):
* Session manipulation
* Denial of Service (DoS) attack via URLField
* URLField redirection
* Host header cache poisoning
* Host header and bypass CSRF protection
* Cross-subdomain CSRF attacks
* Sensitive POST data such as plain-text password in DEBUG pages
28 | 2011-06-01 | 1.3 | Gökhan Özbulak | Make Django-docs package and version bump:
- Class-based view support
- Support for logging module of Python
- Extended handling of static files such as CSS, JavaScript
- Support to unittest module shipped with Python 2.7 by unittest2 module
- Configurable delete-cascade support
- Improvements on built-in template tags
- GeoDjango test suite
- Some bugfixes and improvements for existing features
27 | 2011-02-10 | 1.2.5 | Gökmen Görgen | * Version bump. Fixed two vulnerabilities in this version:
- Flaw in CSRF handling
- Potential XSS in file field rendering
26 | 2010-12-27 | 1.2.4 | Gökmen Görgen | * Version bump:
- Fixed two vulnerabilities in this version:
- Leakage in Django administrative interface
- Denial-of-service attack in password-reset mechanism
25 | 2010-10-13 | 1.2.3 | Gökçen Eraslan | Mass rebuild for Pardus 2011 Beta
24 | 2010-09-12 | 1.2.3 | Ahmet AYGÜN | * Version bump:
- Security issue about csrf_token template tag is solved in 1.2.2.
- The patch applied for the security issue covered in Django 1.2.2 caused issues with non-ASCII responses using CSRF tokens. This has been remedied.
- The patch also caused issues with some forms, most notably the user-editing forms in the Django administrative interface. This has been remedied.
- The packaging manifest did not contain the full list of required files. This has been remedied.
23 | 2010-06-10 | 1.2.1 | Gökmen Görgen | * Version bump:
- Updated Polish localization.
- Applying the correct username restrictions during superuser creation.
- Fix localization with SplitDateTimeField and other multi-value fields/widgets.
- Ensuring the cached template loader uses the correct full template path.
- Fixing a few typos in the documentation.
22 | 2010-05-15 | 1.2 | Gökmen Görgen | * Stable version bump:
- Support for multiple database connections in a single Django instance.
- Model validation inspired by Django's form validation.
- Vastly improved protection against Cross-Site Request Forgery (CSRF).
- A new user “messages” framework with support for cookie- and session-based messages for both anonymous and authenticated users.
- Hooks for object-level permissions, permissions for anonymous users, and more flexible username requirements.
- Customization of e-mail sending via e-mail backends.
- New “smart” if template tag which supports comparison operators.
21 | 2010-04-14 | 1.2b_1 | Gökmen Görgen | * Update to beta version.
20 | 2010-03-19 | 1.1.1 | Gökmen Görgen | * Version bump:
- ORM improvements: Aggregate support, and query expressions.
- Model Improvements: Unmanaged and proxy models, deferred fields.
- Test Performance Improvements:
- Test client improvements: The test Client now can automatically follow redirects with the follow argument to Client.get() and Client.post(). This makes testing views that issue redirects simpler.
- It's now easier to get at the template context in the response returned by the test client: you'll simply access the context as request.context[key]. The old way, which treats request.context as a list of contexts, one for each rendered template in the inheritance chain, is still available if you need it.
- New Admin Features: Editable fields on the change list, and admin actions.
- Conditional view processing, URL namespaces, GeoDjango improvements and more new features.
* Fix license information.
* Remove unrequired patch that's also included in this version.
* Fix summary.
* Fix Turkish translations.
* Remove unrequired modules from actions.py.
* Fix copyright date information as 2006-2010.
* Add build function for checking compile process.
19 | 2009-10-11 | 1.0.3 | Eren Türkay | Fix denial of service vulnerability caused by regular expression module.
18 | 2009-08-05 | 1.0.3 | Bahadır Kandemir | New release fixes unauthorized users accessing any readable content on development servers.
17 | 2009-06-08 | 1.0.2 | Bahadır Kandemir | Fixed build problems
16 | 2008-11-23 | 1.0.2 | Ahmet AYGÜN | New version includes updated translations, some bug fixes and some improvements on unicode functions.
15 | 2008-09-04 | 1.0 | Ahmet AYGÜN | Version bump to fix cross-site request forgery (CSRF).
14 | 2008-06-17 | 0.96.2 | S.Çağlar Onur | Version bump
13 | 2008-05-23 | 0.96.1 | Eren Türkay | Properly add CSRF protection middleware into default project settings.py. CSRF middleware should come before SessionMiddleware.
12 | 2008-05-14 | 0.96.1 | Eren Türkay | Escape request.path before use as form's submission action in admin login page. http://www.djangoproject.com/weblog/2008/may/14/security/
11 | 2007-11-13 | 0.96.1 | Eren Türkay | Enable CSRF protecting middleware by default, when user creates a project, CSRF middleware will be automatically added.
10 | 2007-10-27 | 0.96.1 | Eren Türkay | Fix possible DDoS attack caused by i18n caching system.
9 | 2007-06-17 | 0.96 | Eren Türkay | A patch for making Django be aware of LOGIN_URL and LOGIN_REDIRECT_URL in settings.py
8 | 2007-05-29 | 0.96 | Bahadır Kandemir | New release
7 | 2007-02-25 | 0.95.1 | S.Çağlar Onur | Akismet support
6 | 2007-02-18 | 0.95.1 | S.Çağlar Onur | Override FreeComment's save method to send a mail
5 | 2007-01-25 | 0.95.1 | S.Çağlar Onur | A patch which disables debugging mode in the flup FastCGI package Django uses to launch its FastCGI server, which prevents tracebacks from bubbling up during production use
4 | 2007-01-19 | 0.95 | İsmail Dönmez | Fix two security bugs, ref. http://secunia.com/advisories/23826/
3 | 2006-10-15 | 0.95 | S.Çağlar Onur | Add missing dep
2 | 2006-09-30 | 0.95 | Bahadır Kandemir | Turkish translation and fixes.
1 | 2006-08-31 | 0.95 | Barış Metin | First release.

Patches

local-settings.patch
enable-csrf-protection-by-default.patch