@@ -40,13 +40,22 @@ You can determine your currently installed version using `pip freeze`:
...
@@ -40,13 +40,22 @@ You can determine your currently installed version using `pip freeze`:
## 2.2.x series
## 2.2.x series
### Master
### 2.2.1
**Date**:22nd Feb 2013
*Security fix:Use `defusedxml` package to address XML parsing vulnerabilities.
*Raw data tab added to browseable API. (Eg. Allow for JSON input.)
*Added TimeField.
*Added TimeField.
*Serializer fields can be mapped to any method that takes no args, or only takes kwargs which have defaults.
*Serializer fields can be mapped to any method that takes no args, or only takes kwargs which have defaults.
*Unicode support for view names/descriptions in browseable API.
*Bugfix:request.DATA should return an empty `QueryDict` with no data, not `None`.
*Bugfix:request.DATA should return an empty `QueryDict` with no data, not `None`.
*Bugfix:Remove unneeded field validation, which caused extra queries.
*Bugfix:Remove unneeded field validation, which caused extra queries.
**Securitynote**:Following the [disclosure of security vulnerabilities][defusedxml-announce] in Python's XML parsing libraries, use of the `XMLParser` class now requires the `defusedxml` package to be installed.
The security vulnerabilities only affect APIs which use the `XMLParser` class, by enabling it in any views, or by having it set in the `DEFAULT_PARSER_CLASSES` setting. Note that the `XMLParser` class is not enabled by default, so this change should affect a minority of users.
### 2.2.0
### 2.2.0
**Date**:13th Feb 2013
**Date**:13th Feb 2013
...
@@ -389,6 +398,7 @@ This change will not affect user code, so long as it's following the recommended
...
@@ -389,6 +398,7 @@ This change will not affect user code, so long as it's following the recommended
