django.git, branch 4.2.17

django.git, branch 4.2.17 django http://cgit.adnoto.dev/django.git/atom?h=4.2.17 2024-12-04T13:34:11Z [4.2.x] Bumped version for 4.2.17 release. 2024-12-04T13:34:11Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-12-04T13:34:11Z urn:sha1:1f0356ff2af11a5fa71fb07b4627e10edd170438 [4.2.x] Fixed CVE-2024-53908 -- Prevented SQL injections in direct HasKeyLookup usage on Oracle. 2024-12-04T13:32:17Z Simon Charette charette.s@gmail.com 2024-11-09T02:27:31Z urn:sha1:7376bcbf508883282ffcc0f0fac5cf0ed2d6cbc5 Thanks Seokchan Yoon for the report, and Mariusz Felisiak and Sarah Boyce for the reviews. [4.2.x] Fixed CVE-2024-53907 -- Mitigated potential DoS in strip_tags(). 2024-12-04T13:32:08Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-11-13T14:06:23Z urn:sha1:790eb058b0716c536a2f2e8d1c6d5079d776c22b Thanks to jiangniao for the report, and Shai Berger and Natalia Bidart for the reviews. [4.2.x] Refs CVE-2024-11168 -- Updated vendored _urlsplit() to properly validate IPv6 and IPvFuture addresses. 2024-12-03T08:50:11Z Mariusz Felisiak felisiak.mariusz@gmail.com 2024-12-01T11:31:12Z urn:sha1:f663277a4c22ef96cbdebfd0ed76155b9d37b4f8 Refs Python CVE-2024-11168. Django should not affected, but others who incorrectly use internal function _urlsplit() with unsanitized input could be at risk. https://github.com/python/cpython/pull/103849 [4.2.x] Added stub release notes and release date for 4.2.17. 2024-11-27T14:48:50Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-11-27T13:30:12Z urn:sha1:0acff0fd1f5ad09367aacb51b2b68699c6ce7929 Backport of 2544c1585473c1e82dab1274b52052744f97ca72 from main. [4.2.x] Fixed docs build on Sphinx 8.1+. 2024-11-26T13:09:37Z Mariusz Felisiak felisiak.mariusz@gmail.com 2024-10-11T11:50:51Z urn:sha1:b381b19854f32c9ff03e6bd98865ddffbb7e7082 Sphinx 8.1 added :cve: role, so there is no need to define it in Django: - https://github.com/sphinx-doc/sphinx/pull/11781 This also changes used URL to the one used by Python and soonish to be used by Sphinx itself: - https://github.com/sphinx-doc/sphinx/pull/13006 Backport of 263f7319192b217c4e3b1eea0ea7809836392bbc from main. [4.2.x] Refs #35844 -- Expanded compatibility for expected error messages in command tests on Python 3.12. 2024-10-30T10:32:52Z Tainara Palmeira tainarapalmeirag@gmail.com 2024-10-28T13:46:20Z urn:sha1:ea4a1fb61e0bc6a4294a0123b82183da947e5efb Updated CommandTests.test_subparser_invalid_option and CommandDBOptionChoiceTests.test_invalid_choice_db_option to use assertRaisesRegex() for compatibility with modified error messages in Python 3.12, 3.13, and 3.14+.. Backport of fc22fdd34f1e55adde161f5f2dca8db90bbfce80 from main. [4.2.x] Added GitHub Action workflow to test all Python versions listed in the project config file. 2024-10-09T17:33:48Z nessita 124304+nessita@users.noreply.github.com 2024-10-09T17:33:48Z urn:sha1:345a6652e6a15febbf4f68351dcea5dd674ea324 Backport of 470f4c2436e00873a31673a5992c5260b2de4e97 from main. [4.2.x] Added CVE-2024-45230 and CVE-2024-45231 to security archive. 2024-09-03T14:25:06Z Natalia 124304+nessita@users.noreply.github.com 2024-09-03T14:19:02Z urn:sha1:52116774549e27ac5d1ba9423e2fe61c5503a4a4 Backport of aa5293068782dfa2d2173c75c8477f58a9989942 from main. [4.2.x] Post-release version bump. 2024-09-03T12:46:50Z Natalia 124304+nessita@users.noreply.github.com 2024-09-03T12:46:50Z urn:sha1:8f6c36234deef30fad171f80d130eb7c296df526