From bed2f08c24a13831590ae5fc8cefbb1bca300a96 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 23 Dec 2013 11:57:25 +0000 Subject: Updated release notes --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics/release-notes.md') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index d1ace116..b09bd0be 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -46,6 +46,7 @@ You can determine your currently installed version using `pip freeze`: * Fix compatiblity with newer versions of `django-oauth-plus`. * Bugfix: Refine behavior that calls model manager `all()` across nested serializer relationships, preventing erronous behavior with some non-ORM objects, and preventing unneccessary queryset re-evaluations. * Bugfix: Allow defaults on BooleanFields to be properly honored when values are not supplied. +* Bugfix: Prevent double-escaping of non-latin1 URL query params when appending `format=json` params. ### 2.3.10 -- cgit v1.2.3 From 0672d6de6e47ba0269a58ad0da3cc7ff4c82908e Mon Sep 17 00:00:00 2001 From: Kevin Brown Date: Thu, 2 Jan 2014 16:46:57 -0500 Subject: Fix bugfix note This fixes a bugfix note that was added because of #1293, which pointed out that a change in a bugfix [1] broke backwards compatibility. The bugfix did not work as expected because a variable was quoted when it should not have been. This removes the quotes around the variable, which brings back the expected functionality. --- docs/topics/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/topics/release-notes.md') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index b09bd0be..ca966d20 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md 
@@ -98,7 +98,7 @@ You can determine your currently installed version using `pip freeze`: class DisablePaginationMixin(object): def get_paginate_by(self, queryset=None): - if self.request.QUERY_PARAMS['self.paginate_by_param'] == '0': + if self.request.QUERY_PARAMS[self.paginate_by_param] == '0': return None return super(DisablePaginationMixin, self).get_paginate_by(queryset) -- cgit v1.2.3 From 85d74fc86a934309359a437dd487193013055977 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 14 Jan 2014 11:25:44 +0000 Subject: Added write_only and write_only_fields. Refs #1306 --- docs/topics/release-notes.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'docs/topics/release-notes.md') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index ca966d20..cd87c7b2 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,8 +40,12 @@ You can determine your currently installed version using `pip freeze`: ## 2.3.x series -### Master +### 2.3.11 +**Date**: 14th January 2014 + +* Added `write_only` serializer field argument. +* Added `write_only_fields` option to `ModelSerializer` classes. * JSON renderer now deals with objects that implement a dict-like interface. * Fix compatiblity with newer versions of `django-oauth-plus`. * Bugfix: Refine behavior that calls model manager `all()` across nested serializer relationships, preventing erronous behavior with some non-ORM objects, and preventing unneccessary queryset re-evaluations. -- cgit v1.2.3 From 71c03b9db97edbde228777981de0ac7b664302de Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 15 Jan 2014 14:27:41 +0000 Subject: Security update to OrderingFilter --- docs/topics/release-notes.md | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'docs/topics/release-notes.md') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index cd87c7b2..14503148 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md 
@@ -40,6 +40,13 @@ You can determine your currently installed version using `pip freeze`: ## 2.3.x series +### 2.3.12 + +**Date**: 15th January 2014 + +* **Security fix**: `OrderingField` now only allows ordering on readable serializer fields, or on fields explicitly specified using `ordering_fields`. This prevents users being able to order by fields that are not visible in the API, and exploiting the ordering of sensitive data such as password hashes. +* Bugfix: `write_only = True` fields now display in the browsable API. + ### 2.3.11 **Date**: 14th January 2014 -- cgit v1.2.3 From c1148241eee3df1139f9855ee3220c82f60726d5 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 6 Mar 2014 09:01:05 +0000 Subject: Version 2.3.13 --- docs/topics/release-notes.md | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'docs/topics/release-notes.md') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 14503148..0010f687 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,6 +40,17 @@ You can determine your currently installed version using `pip freeze`: ## 2.3.x series +### 2.3.13 + +**Date**: 6th March 2014 + +* Django 1.7 Support. +* Fix `default` argument when used with serializer relation fields. +* Display the media type of the content that is being displayed in the browsable API, rather than 'text/html'. +* Bugfix for `urlize` template failure when URL regex is matched, but value does not `urlparse`. +* Use `urandom` for token generation. +* Only use `Vary: Accept` when more than one renderer exists. + ### 2.3.12 **Date**: 15th January 2014 -- cgit v1.2.3 From e45e52a255c0dfbecfc5048697534ffbe0e2648e Mon Sep 17 00:00:00 2001 From: Dmitry Mukhin Date: Mon, 7 Apr 2014 20:39:45 +0400 Subject: replace page with page_size to avoide confusion --- docs/topics/release-notes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/topics/release-notes.md') 
diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 0010f687..2bc8b2d6 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -112,11 +112,11 @@ You can determine your currently installed version using `pip freeze`: * Bugfix: `client.force_authenticate(None)` should also clear session info if it exists. * Bugfix: Client sending empty string instead of file now clears `FileField`. * Bugfix: Empty values on ChoiceFields with `required=False` now consistently return `None`. -* Bugfix: Clients setting `page=0` now simply returns the default page size, instead of disabling pagination. [*] +* Bugfix: Clients setting `page_size=0` now simply returns the default page size, instead of disabling pagination. [*] --- -[*] Note that the change in `page=0` behaviour fixes what is considered to be a bug in how clients can effect the pagination size. However if you were relying on this behavior you will need to add the following mixin to your list views in order to preserve the existing behavior. +[*] Note that the change in `page_size=0` behaviour fixes what is considered to be a bug in how clients can effect the pagination size. However if you were relying on this behavior you will need to add the following mixin to your list views in order to preserve the existing behavior. class DisablePaginationMixin(object): def get_paginate_by(self, queryset=None): -- cgit v1.2.3
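Review bot: In the `DisablePaginationMixin` hunk of "Fix bugfix note", the corrected lookup `self.request.QUERY_PARAMS[self.paginate_by_param]` still indexes the query parameters directly, so a request that omits the parameter raises a key error instead of falling through to `super()`. Suggest `self.request.QUERY_PARAMS.get(self.paginate_by_param) == '0'`, which also covers views where `paginate_by_param` is not set. The commit message cites "[1]" but the reference itself is missing; include the commit or link it points to.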
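Review bot: The 2.3.12 security entry in "Security update to OrderingFilter" names the class `OrderingField`, while the commit subject says the change is to `OrderingFilter`; use the name readers will search for. The entry should also state the upgrade action: a view that orders on a field the serializer does not expose as readable now has to list that field in `ordering_fields`.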
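Review bot: In the 2.3.13 hunk, "Use `urandom` for token generation." is listed as a plain item and does not say what it replaces or whether tokens issued by earlier versions are affected. If the change is security-motivated, mark it the way the 2.3.12 entry marks its `**Security fix**`, and say whether existing tokens should be regenerated after upgrading.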
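Review bot: The `page_size=0` wording introduced in "replace page with page_size to avoide confusion" hardcodes a parameter name, but the mixin shown directly below the footnote keys on `self.paginate_by_param`, which is whatever the view configures. Suggest describing it as the `paginate_by_param` query parameter, with `page_size=0` given as an example. Since the footnote tells readers how to restore the old behaviour, it should also say that the mixin lets any client request an unpaginated result set, so it belongs only on list views where an unbounded response is acceptable. While these lines are being touched, "effect the pagination size" should read "affect" and "now simply returns" should agree with "Clients".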