django http://cgit.adnoto.dev/chango.git/atom?h=5.1.1 2024-09-03T12:26:51Z 2024-09-03T12:26:51Z Natalia 124304+nessita@users.noreply.github.com 2024-09-03T12:26:51Z urn:sha1:1e1d791787e27227124ac6067de3bfc81175ce02 2024-09-03T12:24:21Z Natalia 124304+nessita@users.noreply.github.com 2024-08-19T17:47:38Z urn:sha1:3c733c78d6f8e50296d6e248968b6516c92a53ca On successful submission of a password reset request, an email is sent to the accounts known to the system. If sending this email fails (due to email backend misconfiguration, service provider outage, network issues, etc.), an attacker might exploit this by detecting which password reset requests succeed and which ones generate a 500 error response. Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam Johnson, and Sarah Boyce for the reviews. 2024-09-03T12:24:13Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-08-12T13:17:57Z urn:sha1:022ab0a75c76ab2ea31dfcc5f2cf5501e378d397 Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. 2024-08-30T18:52:41Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-08-29T17:01:10Z urn:sha1:62039659603ca0fa2df796d1732c4b414549c52b Regression in 01ed59f753139afb514170ee7f7384c155ecbc2d. Thank you to Fábio Domingues and Marijke Luttekes for the report, and thank you to Natalia Bidart for the review. Backport of fd1dd767783b5a7ec1a594fcc5885e7e4178dd26 from main. 2024-08-28T22:25:55Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-08-19T14:51:31Z urn:sha1:26c06671d9f9ff679be5e290b0752a45e582ce0c Following the addition of PostgreSQL connection pool support in Refs #33497, the methods for configuring the database role and timezone were moved to module-level functions. This change prevented subclasses of DatabaseWrapper from overriding these methods as needed, for example, when creating wrappers for other PostgreSQL-based backends. Thank you Christian Hardenberg for the report and to Florian Apolloner and Natalia Bidart for the review. Regression in fad334e1a9b54ea1acb8cce02a25934c5acfe99f. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of 7380ac57340653854bc2cfe0ed80298cdac6061d from main. 2024-08-28T18:56:35Z Adam Johnson me@adamj.eu 2024-08-28T18:55:30Z urn:sha1:fcb71a76cc1f599f7abbce33e52d4e609d936b40 Backport of 26a67943ac5c2f196621220b24f4314d84471d07 from main. 2024-08-28T18:26:55Z Jacob Walls jacobtylerwalls@gmail.com 2024-08-28T18:24:07Z urn:sha1:9b09a4fd95310eb4d41430bdd5972047184b3aab Backport of 920efe503f8a1b16a497a792075c987080f3280a from main. 2024-08-28T14:47:15Z Simon Charette charette.s@gmail.com 2024-08-09T17:03:24Z urn:sha1:9a461cae3e5536cbacafa53dbd290ff68df22e67 Over the years we've had multiple instances of hit and misses when emitting warnings: either setting the wrong stacklevel or not setting it at all. This work adds assertions for the existing warnings that were declaring the correct stacklevel, but were lacking tests for it. Backport of 57307bbc7d88927989cf5b314f16d6e13ade04e6 from main. 2024-08-28T14:46:49Z Simon Charette charette.s@gmail.com 2024-08-09T16:55:40Z urn:sha1:dd58edcc373afe57a56bf7c2374a4fc8446e80e9 Backport of 39abd56a7fb1e2f735040df0fdfc08f57d91a49b from main. 2024-08-28T14:46:23Z Simon Charette charette.s@gmail.com 2024-08-09T16:45:44Z urn:sha1:8f5d2c374a150fca063443292cdf2618026bda42 Backport of 47f18a722624527cc72eef44cfc9d1e07ea4b4e0 from main.