Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: django/django
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 2.1.10
Choose a base ref
...
head repository: django/django
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 2.1.11
Choose a head ref
  • 8 commits
  • 16 files changed
  • 3 contributors

Commits on Jul 1, 2019

  1. [2.1.x] Post-release version bump.

    @felixxm
    felixxm committed Jul 1, 2019
    Configuration menu
    Copy the full SHA
    fafde97 View commit details
    Browse the repository at this point in the history

  2. [2.1.x] Added CVE-2019-12781 to the security release archive. 

    Backport of 868cd56 from master
    @felixxm
    felixxm committed Jul 1, 2019
    Configuration menu
    Copy the full SHA
    765dac3 View commit details
    Browse the repository at this point in the history

Commits on Jul 25, 2019

  1. [2.1.x] Added stub release notes for security releases. 

    Backport of f13147c from master
    @carltongibson
    carltongibson committed Jul 25, 2019
    Configuration menu
    Copy the full SHA
    24eba90 View commit details
    Browse the repository at this point in the history

Commits on Jul 29, 2019

  1. [2.1.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking … 

    …issues when truncating HTML.

Thanks to Guido Vranken for initial report.
    @apollo13 @carltongibson
    apollo13 authored and carltongibson committed Jul 29, 2019
    Configuration menu
    Copy the full SHA
    c23723a View commit details
    Browse the repository at this point in the history

  2. [2.1.X] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recurs… 

    …ion in strip_tags() when handling incomplete HTML entities.

Thanks to Guido Vranken for initial report.
    @apollo13 @carltongibson
    apollo13 authored and carltongibson committed Jul 29, 2019
    Configuration menu
    Copy the full SHA
    5ff8e79 View commit details
    Browse the repository at this point in the history

Commits on Jul 31, 2019

  1. [2.1.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key a… 

    …nd index lookups against SQL injection.

Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
    @felixxm @carltongibson
    felixxm authored and carltongibson committed Jul 31, 2019
    Configuration menu
    Copy the full SHA
    f74b3ae View commit details
    Browse the repository at this point in the history

  2. [2.1.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in … 

    …django.utils.encoding.uri_to_iri().

Thanks to Guido Vranken for initial report.
    @apollo13 @carltongibson
    apollo13 authored and carltongibson committed Jul 31, 2019
    Configuration menu
    Copy the full SHA
    5d50a2e View commit details
    Browse the repository at this point in the history

Commits on Aug 1, 2019

  1. [2.1.x] Bumped version for 2.1.11 release.

    @carltongibson
    carltongibson committed Aug 1, 2019
    Configuration menu
    Copy the full SHA
    ff9dcc0 View commit details
    Browse the repository at this point in the history
Loading