django.git, branch 2.2.24 django http://cgit.adnoto.dev/django.git/atom?h=2.2.24 2021-06-02T08:28:20Z [2.2.x] Bumped version for 2.2.24 release. 2021-06-02T08:28:20Z Carlton Gibson carlton.gibson@noumenal.es 2021-06-02T08:28:20Z urn:sha1:2da029d8540ab0b2e9edcba25c4d46c52853197f [2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses. 2021-06-02T08:26:22Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-05-25T09:57:59Z urn:sha1:f27c38ab5d90f68c9dd60cabef248a570c0be8fc validate_ipv4_address() was affected only on Python < 3.9.5, see [1]. URLValidator() uses a regular expressions and it was affected on all Python versions. [1] https://bugs.python.org/issue36384 [2.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. 2021-06-02T08:26:22Z Florian Apolloner florian@apolloner.eu 2021-05-25T09:55:06Z urn:sha1:053cc9534d174dc89daba36724ed2dcb36755b90 [2.2.x] Confirmed release date for Django 2.2.24. 2021-06-02T08:23:20Z Carlton Gibson carlton.gibson@noumenal.es 2021-06-02T08:19:19Z urn:sha1:6229d8794ff7d3f471e29811857d72e67f24b608 Backport of f66ae7a2d5558fe88ddfe639a610573872be6628 from main. [2.2.x] Added stub release notes and date for Django 2.2.24. 2021-05-26T08:21:53Z Carlton Gibson carlton.gibson@noumenal.es 2021-05-25T08:38:20Z urn:sha1:f163ad5c638f79d3fd0e76bed0e15e6928fae1f5 Backport of b46dbd4e3e255223078ae0028934ea986e19ebc1 from main [2.2.x] Changed IRC references to Libera.Chat. 2021-05-20T10:42:48Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-05-20T10:23:36Z urn:sha1:bed1755bc596b8c83351471e4276386b2e6643c0 Backport of 66491f08fe86629fa25977bb3dddda06959f65e7 from main. [2.2.x] Refs #32718 -- Fixed file_storage.test_generate_filename and model_fields.test_filefield tests on Python 3.5. 2021-05-14T04:59:11Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-05-14T04:57:31Z urn:sha1:63f0d7a0f6b6d762b8c15894c531b687ac843c66 [2.2.x] Post-release version bump. 2021-05-13T07:22:34Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-05-13T07:22:34Z urn:sha1:5fe4970bd0b64a24ed6f9f18db3d4a80b5ac0a78 [2.2.x] Bumped version for 2.2.23 release. 2021-05-13T07:19:56Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-05-13T07:19:56Z urn:sha1:61f814f9fab554d10f1e2c193bcf3a5c56c4e9ef [2.2.x] Fixed #32718 -- Relaxed file name validation in FileField. 2021-05-13T07:00:25Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-05-13T06:53:44Z urn:sha1:b8ecb0643619a0650a4447b282478ce5257856e2 - Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3. Backport of b55699968fc9ee985384c64e37f6cc74a0a23683 from main.