chango.git, branch 5.1.14 django http://cgit.adnoto.dev/chango.git/atom?h=5.1.14 2025-11-05T12:46:34Z [5.1.x] Bumped version for 5.1.14 release. 2025-11-05T12:46:34Z Natalia 124304+nessita@users.noreply.github.com 2025-11-05T12:46:34Z urn:sha1:da443c4d5472dfc5afe2567b59123da8372715fe [5.1.x] Refs CVE-2025-64459 -- Avoided propagating invalid arguments to Q on dictionary expansion. 2025-11-05T12:44:35Z Jacob Walls jacobtylerwalls@gmail.com 2025-09-24T19:56:03Z urn:sha1:4624ed769c0f7caea0d48ac824a75fa6b6f17671 Backport of 3c3f46357718166069948625354b8315a8505262 from main. [5.1.x] Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via the _connector kwarg. 2025-11-05T12:44:22Z Jacob Walls jacobtylerwalls@gmail.com 2025-09-24T19:54:51Z urn:sha1:72d2c87431f2ae0431d65d0ec792047f078c8241 Thanks cyberstan for the report, Sarah Boyce, Adam Johnson, Simon Charette, and Jake Howard for the reviews. Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main. [5.1.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows. 2025-11-05T12:43:51Z Jacob Walls jacobtylerwalls@gmail.com 2025-10-16T20:28:33Z urn:sha1:3790593781d26168e7306b5b2f8ea0309de16242 Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Follow-up to CVE-2025-27556 and 39e2297210d9d2938c75fc911d45f0e863dc4821. Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main. [5.1.x] Added stub release notes and release date for 5.1.14 and 4.2.26. 2025-10-29T18:01:46Z Jacob Walls jacobtylerwalls@gmail.com 2025-09-24T19:29:09Z urn:sha1:ec3420edfa5706b67d0245330bfa963766763f7d Backport of ab108bf94dfc06c311d7dc81866b848fe5b5ee6c from main. [5.1.x] Made RemoteTestResultTest.test_pickle_errors_detection() compatible with tblib 3.2+. 2025-10-22T18:21:29Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-10-21T19:11:44Z urn:sha1:c361494cbb134540f2f35a6364ea9259f0084a58 tblib 3.2+ makes exception subclasses with __init__() and the default __reduce__() picklable. This broke the test for RemoteTestResult._confirm_picklable(), which expects a specific exception to fail unpickling. https://github.com/ionelmc/python-tblib/blob/master/CHANGELOG.rst#320-2025-10-21 This fix defines ExceptionThatFailsUnpickling.__reduce__() in a way that pickle.dumps(obj) succeeds, but pickle.loads(pickle.dumps(obj)) raises TypeError. Refs #27301. This preserves the intent of the regression test from 52188a5ca6bafea0a66f17baacb315d61c7b99cd without skipping it. Backport of 548209e620b3ca34396a360453f07c8dbb8aa6c7 from main. [5.1.x] Fixed RelatedGeoModelTest.test_related_union_aggregate() test on Oracle and GEOS 3.12+. 2025-10-20T14:06:52Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-10-20T14:03:39Z urn:sha1:a6294d7d26536f37d08d39e2d607cc49eaff8435 Backport of 344ae16e1e21ab7c0b594d755519738f7f16eaf1 from main [5.1.x] Refs #36646 -- Doc'd that oracledb < 3.3.0 is required. 2025-10-10T21:08:19Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-10-10T21:08:19Z urn:sha1:99e033694c54b5d0e2cfd796ce598cc1e6c9af4a [5.1.x] Fixed OGRInspectTest.test_time_field with memory Spatialite database. 2025-10-10T14:05:35Z David Smith smithdc@gmail.com 2025-08-24T07:23:54Z urn:sha1:475f61f78bb50a46ed57f03da8fb442305ca4117 Backport of 82b3b84a78055844ee07d5d97843a4fc72872e28 from main [5.1.x] Fixed #35961 -- Migrated license metadata in pyproject.toml to conform PEP 639. 2025-10-08T19:44:11Z Michiel W. Beijen mb@x14.nl 2024-12-06T19:54:41Z urn:sha1:7da2bf97d69e7f2af5da55cbc952b5a7ba9fdcf4 See https://peps.python.org/pep-0639/ and https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license-and-license-files. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Backport of 96a7a652166bece8acc96d6335ebb8091de2f496 from main.