chango.git, branch 5.1 django http://cgit.adnoto.dev/chango.git/atom?h=5.1 2024-08-07T13:22:20Z [5.1.x] Bumped version for 5.1 release. 2024-08-07T13:22:20Z Natalia 124304+nessita@users.noreply.github.com 2024-08-07T13:22:20Z urn:sha1:373cb3037fe4e67adbac9ac43340391e859aa957 [5.1.x] Finalized release notes for Django 5.1. 2024-08-07T13:12:37Z Natalia 124304+nessita@users.noreply.github.com 2024-08-07T13:04:18Z urn:sha1:8baab82fc2cb790cf3e2dd853e97e17d7c47dd07 Backport of 8ad6dc636bd29825937e02b5b689fb278f456f63 from main. [5.1.x] Fixed i18n.tests.TranslationTests.test_plural to use correct French translation. 2024-08-07T12:56:31Z Natalia 124304+nessita@users.noreply.github.com 2024-08-06T18:25:19Z urn:sha1:d5ad743e798fadc83663f016023cd124eadc366c [5.1.x] Updated translations from Transifex. 2024-08-07T12:56:31Z Natalia 124304+nessita@users.noreply.github.com 2024-07-30T19:21:58Z urn:sha1:380c6e6ddd7890fbe65826873579ef6e3af0c07d [5.1.x] Added CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005 to security archive. 2024-08-06T15:26:38Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-08-06T15:22:46Z urn:sha1:d787e44e1e8e8c578ef1feb630164ef009e775d1 Backport of fdc638bf4a35b5497d0b3b4faedaf552da792f99 from main. [5.1.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields. 2024-08-06T06:51:22Z Simon Charette charette.s@gmail.com 2024-07-25T16:19:13Z urn:sha1:e2583fbc2ebffce11b4444a7cec6336513e81f8b Thanks Eyal (eyalgabay) for the report. [5.1.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget. 2024-08-06T06:51:22Z Mariusz Felisiak felisiak.mariusz@gmail.com 2024-07-10T18:30:12Z urn:sha1:bd807c0c25ab69361a4c08edcc1cf04d4652aa0a Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> [5.1.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 2024-08-06T06:51:22Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-07-18T11:19:34Z urn:sha1:0c1a8909164d8f2846322efb1143b72ad1616bd8 Thanks to MProgrammer for the report. [5.1.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat. 2024-08-06T06:51:22Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-07-12T09:38:34Z urn:sha1:0504af64292071e1a9565193ea8265c60600f7d7 Thanks Elias Myllymäki for the report. Co-authored-by: Shai Berger <shai@platonix.com> [5.1.x] Fixed #35657 -- Made FileField handle db_default values. 2024-08-05T19:37:26Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-08-05T19:36:49Z urn:sha1:2ba4f4b0b550a98f10deac47c1bbddccbc7365cd Backport of 8deb6bb1fc427762d56646bf7306cbd11fb5bb68 from main.