django.git, branch 3.2.18django
http://cgit.adnoto.dev/django.git/atom?h=3.2.182023-02-14T08:04:22Z[3.2.x] Bumped version for 3.2.18 release.2023-02-14T08:04:22ZCarlton Gibsoncarlton.gibson@noumenal.es2023-02-14T08:04:22Zurn:sha1:722e9f8a38f5b34f2423059a75f8a59bb8eb931a[3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.2023-02-07T09:39:25ZMarkus Holtermanninfo@markusholtermann.eu2022-12-13T09:27:39Zurn:sha1:a665ed5179f5bbd3db95ce67286d0192eff041d8
Thanks to Jakob Ackermann for the report.
[3.2.x] Added stub release notes for 3.2.18.2023-02-07T09:14:53ZCarlton Gibsoncarlton.gibson@noumenal.es2023-02-02T10:54:09Zurn:sha1:932b5bd52d8d7e9255264fdbf425e322efac0b97
Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
[3.2.x] Added CVE-2023-23969 to security archive.2023-02-01T11:11:00ZMariusz Felisiakfelisiak.mariusz@gmail.com2023-02-01T11:09:03Zurn:sha1:c35a5788f4c17c580976458b0b04210a91133d20
Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main
[3.2.x] Post-release version bump.2023-02-01T09:00:34ZMariusz Felisiakfelisiak.mariusz@gmail.com2023-02-01T09:00:34Zurn:sha1:9bd8db3940f529aebafb348c7d6786f29a288916[3.2.x] Bumped version for 3.2.17 release.2023-02-01T08:58:36ZMariusz Felisiakfelisiak.mariusz@gmail.com2023-02-01T08:58:36Zurn:sha1:aed1bb56d118937d5d6f3ec72f170779dd8c74cd[3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.2023-02-01T08:48:18ZNick Popenick@nickpope.me.uk2023-01-25T11:21:48Zurn:sha1:c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.
Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
[3.2.x] Fixed inspectdb.tests.InspectDBTestCase.test_custom_fields() on SQLite 3.37+.2023-01-31T14:32:01ZMariusz Felisiakfelisiak.mariusz@gmail.com2021-12-09T19:24:38Zurn:sha1:9da46345d83e5d9ecb60512efb2d2e0b2b02b974
Use FlexibleFieldLookupDict which is case-insensitive mapping because
SQLite 3.37+ returns some data type names upper-cased e.g. TEXT.
Backport of 974e3b8750fe96c16c9c0b115a72ee4a2171df34 from main
[3.2.x] Removed 'tests' path prefix in a couple tests.2023-01-31T14:28:16ZTim Grahamtimograham@gmail.com2022-05-02T01:44:04Zurn:sha1:4c2b26174f044adc4a6461154385720479eaee55
Backport of 694cf458f16b8d340a3195244196980b2dec34fd from main.
[3.2.x] Adjusted release notes for 3.2.17.2023-01-25T11:29:59ZCarlton Gibsoncarlton.gibson@noumenal.es2023-01-25T11:26:00Zurn:sha1:d21543182d2cb9947650ecc48c068d1bfb7d0311
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main