django.git, branch 3.2.13

django.git, branch 3.2.13 django http://cgit.adnoto.dev/django.git/atom?h=3.2.13 2022-04-11T07:13:55Z [3.2.x] Bumped version for 3.2.13 release. 2022-04-11T07:13:55Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-04-11T07:13:55Z urn:sha1:08e6073f878264a0c091da0d3db456820252ef6c [3.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2022-04-11T07:12:58Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-04-01T11:48:47Z urn:sha1:9e19accb6e0a00ba77d5a95a91675bf18877c72d Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main. [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. 2022-04-11T07:12:06Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-04-01T06:10:22Z urn:sha1:2044dac5c6968441be6f534c4139bcf48c5c7e48 Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report. Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main. [3.2.x] Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes. 2022-04-11T06:34:01Z Manel Clos manelclos@gmail.com 2022-04-09T09:36:26Z urn:sha1:bdb92dba0b07e2bac17795f0d515eb9d105addf8 Regression in 68357b2ca9e88c40fc00d848799813241be39129. Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main. [3.2.x] Added stub release notes for 3.2.13 and 2.2.28. 2022-04-04T08:51:06Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-04-01T06:37:19Z urn:sha1:70035fb0444ae7c01613374212ca5e3c27c9782c Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main [3.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+." 2022-03-26T11:29:03Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-03-26T11:27:30Z urn:sha1:7e7ea71a8da850e1178a758d073b1395d57f12ec This reverts commit 1d9d082acf6e152c06833bb9698f88d688b95e40. Backport of abfdb4d7f384fb06ed9b7ca37b548542df7b5dda from main [3.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+. 2022-03-25T07:51:41Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-03-25T07:48:32Z urn:sha1:610ecc9053061f7c011cf90c0fa692842e2c9177 See https://github.com/pallets/jinja/pull/1621. Backport of 1d9d082acf6e152c06833bb9698f88d688b95e40 from main [3.2.x] Fixed typo in release notes. 2022-02-02T06:19:30Z David Smith 39445562+smithdc1@users.noreply.github.com 2022-02-02T06:17:57Z urn:sha1:754af45773d644cce6b6c0095a391615d3f49850 Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main. [3.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. 2022-02-01T07:53:32Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-02-01T07:17:25Z urn:sha1:6f309165e50378c41bc2d6190353d4dbcabcb8d1 Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main [3.2.x] Post-release version bump. 2022-02-01T07:05:56Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-02-01T07:05:56Z urn:sha1:1e6b555c92fd39c9e11b5a27600a87ac964eb2bb