chango.git, branch 4.2.26

chango.git, branch 4.2.26 django http://cgit.adnoto.dev/chango.git/atom?h=4.2.26 2025-11-05T12:55:08Z [4.2.x] Bumped version for 4.2.26 release. 2025-11-05T12:55:08Z Natalia 124304+nessita@users.noreply.github.com 2025-11-05T12:55:08Z urn:sha1:0dfd59e2d5c713510c6bcf245e8ac2d5b2043a0a [4.2.x] Refs CVE-2025-64459 -- Avoided propagating invalid arguments to Q on dictionary expansion. 2025-11-05T12:53:33Z Jacob Walls jacobtylerwalls@gmail.com 2025-09-24T19:56:03Z urn:sha1:279f8b9557f0fef9790822b0c38164fc9dfcab2a Backport of 3c3f46357718166069948625354b8315a8505262 from main. [4.2.x] Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via the _connector kwarg. 2025-11-05T12:53:18Z Jacob Walls jacobtylerwalls@gmail.com 2025-09-24T19:54:51Z urn:sha1:59ae82e67053d281ff4562a24bbba21299f0a7d4 Thanks cyberstan for the report, Sarah Boyce, Adam Johnson, Simon Charette, and Jake Howard for the reviews. Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main. [4.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows. 2025-11-05T12:52:56Z Jacob Walls jacobtylerwalls@gmail.com 2025-10-16T20:28:33Z urn:sha1:770eea38d7a0e9ba9455140b5a9a9e33618226a7 Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main. [4.2.x] Skipped test_compressed_file_based_raster_creation() test on GDAL 3.5+. 2025-11-03T20:27:54Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-11-03T20:27:54Z urn:sha1:80976bd89e9e1fdfb98c4d902ca4dc59bd3d1d46 [4.2.x] Fixed RelatedGeoModelTest.test_related_union_aggregate() crash on Python < 3.10. 2025-11-03T18:40:03Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-11-03T18:40:03Z urn:sha1:7838add7e15da656e901d20153cd44fa551b627e Regression in 321af4877b62be6849f44e00d1c7e75928e7d3a2. [4.2.x] Added stub release notes and release date for 4.2.26. 2025-10-29T18:04:55Z Jacob Walls jacobtylerwalls@gmail.com 2025-09-24T19:29:09Z urn:sha1:1b50da7e941d015c2eb9e36bfd2913e37726ac1d Backport of ab108bf94dfc06c311d7dc81866b848fe5b5ee6c from main. [4.2.x] Made RemoteTestResultTest.test_pickle_errors_detection() compatible with tblib 3.2+. 2025-10-22T18:22:19Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-10-21T19:11:44Z urn:sha1:cd3b21bcaccf03a1dc49512bdb8efd796fba8100 tblib 3.2+ makes exception subclasses with __init__() and the default __reduce__() picklable. This broke the test for RemoteTestResult._confirm_picklable(), which expects a specific exception to fail unpickling. https://github.com/ionelmc/python-tblib/blob/master/CHANGELOG.rst#320-2025-10-21 This fix defines ExceptionThatFailsUnpickling.__reduce__() in a way that pickle.dumps(obj) succeeds, but pickle.loads(pickle.dumps(obj)) raises TypeError. Refs #27301. This preserves the intent of the regression test from 52188a5ca6bafea0a66f17baacb315d61c7b99cd without skipping it. Backport of 548209e620b3ca34396a360453f07c8dbb8aa6c7 from main. [4.2.x] Fixed RelatedGeoModelTest.test_related_union_aggregate() test on Oracle and GEOS 3.12+. 2025-10-20T14:08:21Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-10-20T14:03:39Z urn:sha1:321af4877b62be6849f44e00d1c7e75928e7d3a2 Backport of 344ae16e1e21ab7c0b594d755519738f7f16eaf1 from main [4.2.x] Rewrapped security archive at 79 chars. 2025-10-01T20:25:51Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-10-01T19:15:57Z urn:sha1:0f6ee3ebfa7254ec3a023f93662a67739dee72d9 Backport of 1499c95d990fb776c39ad60e43228cbbbfcad3a8 from main.