Update changelog for Zulip 1.4.1 and 1.4.2 releases.

docs/changelog.md

@@ -4,6 +4,19 @@ All notable changes to the Zulip server are documented in this file.
 
 ### Unreleased
 
+### 1.4.2 - 2016-09-27
+- Upgraded Django to version 1.8.15 (with the Zulip patches applied),
+  fixing a CSRF vulnerability in Django (see
+  https://www.djangoproject.com/weblog/2016/sep/26/security-releases/),
+  and a number of other Django bugs from past Django stable releases
+  that largely affects parts of Django that are not used by Zulip.
+- Fixed buggy logrotate configuration.
+
+### 1.4.1 - 2016-09-03
+- Fixed settings bug upgrading from pre-1.4.0 releases to 1.4.0.
+- Fixed local file uploads integration being broken for new 1.4.0
+  installations.
+
 ### 1.4 - 2016-08-25
 
 - Migrated Zulip's python dependencies to be installed via a virtualenv,

puppet/zulip/files/logrotate/zulip

@@ -1,7 +1,7 @@
 /var/log/zulip/server.log /var/log/zulip/workers.log /var/log/zulip/manage.log {
 	missingok
 	rotate 10
-	size 1GB
+	size 1G
 	compress
 	delaycompress
 	notifempty

requirements/common.txt

@@ -1,6 +1,6 @@
 -r ipython.txt
 # Django itself; we use a slightly patched version
-git+https://github.com/zulip/truncated-django.git
+git+https://github.com/zulip/truncated-django-1.8.15.git@cbf4fa3aef1b17f37d75a70e57f9b69a0f99ed5c#egg=Django==1.8.15
 
 GitPython==0.3.2.1
 

tools/travis/success-http-headers.txt

@@ -24,7 +24,6 @@ Reusing existing connection to localhost:443.
   Content-Type: text/html; charset=utf-8
   Transfer-Encoding: chunked
   Connection: keep-alive
-  Cache-Control: max-age=0
   Strict-Transport-Security: max-age=15768000
 Length: unspecified [text/html]
 Saving to: ‘/tmp/index.html’