An attacker was able to use a `field_id` from a "secret" field
and use it on any, even the default public, select2 view and
receive the data without authentication.
These changes introduce additional (optional) configuration parameters.
The parameters allow the user of the library to select different JS/CSS
libraries from the ones shipped. In particular, this allows serving from
the local server and/or in private-network-only environments.
Refs #220
Closed #239
The old multiprocessing support was hard to maintain.
Since signing and caching are part of `django.core`
there is really no need to stick to our own solution.
As a result multimachine support and security are now always in place.
Fields are stored in Django's cache. The default cache used by select2
is called 'default' but can be changed by overwriting the setting
`SELECT2_CACHE_BACKEND`.
Recommended cache backends are memcached, redis or a DB-cache.
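
The cache recommendation above matters because Django's local-memory cache is private to each process, so a field stored by one worker cannot be looked up by another. The following is an added example, not code from the commit or from the project: a settings fragment with a dedicated cache alias and a deploy-time check. The alias name `select2`, the table name `select2_cache` and the helper `check_select2_cache` are assumptions made for illustration.

```python
# Added example: settings fragment plus a check for the cache alias that
# SELECT2_CACHE_BACKEND points at. CACHES below is constructed sample config.

# Django backends whose contents are private to one process or discarded.
PER_PROCESS_BACKENDS = {
    "django.core.cache.backends.locmem.LocMemCache",
    "django.core.cache.backends.dummy.DummyCache",
}

CACHES = {
    # Weak choice for select2: every worker process has its own copy.
    "default": {
        "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
    },
    # Shared by all workers and machines that use the same database.
    "select2": {
        "BACKEND": "django.core.cache.backends.db.DatabaseCache",
        "LOCATION": "select2_cache",  # constructed table name
    },
}
SELECT2_CACHE_BACKEND = "select2"


def check_select2_cache(caches, alias="default"):
    """Return a list of problems with the cache alias select2 will use.

    Hypothetical helper; an empty list means no problem was found.
    """
    if alias not in caches:
        return ["SELECT2_CACHE_BACKEND %r is not defined in CACHES" % alias]
    backend = caches[alias].get("BACKEND", "")
    problems = []
    if backend in PER_PROCESS_BACKENDS:
        problems.append(
            "cache %r uses %s, which is not shared between processes; "
            "field lookups will fail on other workers" % (alias, backend)
        )
    return problems


if __name__ == "__main__":
    for message in check_select2_cache(CACHES, SELECT2_CACHE_BACKEND):
        print("WARNING:", message)
```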
Refactored AutoResponseView
The main reason for this refactoring is
the fact that the pagination was slow.
I dropped major parts of the initial code
and wrote a more Django-like approach.
Notably:
- get_results now returns a QuerySet
- This commit drops Django 1.6 support in favour of the JsonResponse (backporting is possible).