django.git, branch 4.2.25

django.git, branch 4.2.25 django http://cgit.adnoto.dev/django.git/atom?h=4.2.25 2025-10-01T13:06:47Z [4.2.x] Bumped version for 4.2.25 release. 2025-10-01T13:06:47Z Jacob Walls jacobtylerwalls@gmail.com 2025-10-01T13:06:47Z urn:sha1:57d20b2485e7cd2f029dbf49fb5510b2a6f12c48 [4.2.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal via archive.extract(). 2025-10-01T13:06:00Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-09-16T15:13:36Z urn:sha1:9504bbaa392c9fe37eee9291f5b4c29eb6037619 Thanks stackered for the report. Follow up to 05413afa8c18cdb978fcdf470e09f7a12b234a23. Backport of 924a0c092e65fa2d0953fd1855d2dc8786d94de2 from main. [4.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB. 2025-10-01T13:05:20Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-09-10T07:53:52Z urn:sha1:38d9ef8c7b5cb6ef51b933e51a20e0e0063f33d5 Thanks sw0rd1ight for the report. Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200. Backport of 41b43c74bda19753c757036673ea9db74acf494a from main. [4.2.x] Added stub release notes and release date for 4.2.25. 2025-09-24T15:48:20Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-09-12T17:28:20Z urn:sha1:7c7d2a4a1056412bac063474f583b44b9a109e8d Backport of 00174507f8a91e9577ae233c58af561b379f2695 from main. [4.2.x] Added missing backticks in docs/releases/security.txt. 2025-09-04T09:11:25Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-09-04T09:10:09Z urn:sha1:3e27d614dd4783a3542c03ac7ea50f112643d54f Backport of 686a8a62ae7faba9c3b17080c3532b821e8cb1f3 from main [4.2.x] Added CVE-2025-57833 to security archive. 2025-09-03T13:30:45Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-09-03T13:26:45Z urn:sha1:07e5fb9f56ccfc6d315dfeff20bf5ca699ded8db Backport of f0c05a40d27d69ef3a7b4e5e0199b5dba5b11feb from main. [4.2.x] Post-release version bump. 2025-09-03T11:49:40Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-09-03T11:49:40Z urn:sha1:5636e82896fa40c1226eb4e18050daf8b777ec8c [4.2.x] Bumped version for 4.2.24 release. 2025-09-03T11:41:22Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-09-03T11:41:22Z urn:sha1:5e23d8900201ba10bf76adf825179c72cbf2e1e2 [4.2.x] Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL injection in column aliases. 2025-09-03T11:39:26Z Jake Howard git@theorangeone.net 2025-08-13T12:13:42Z urn:sha1:31334e6965ad136a5e369993b01721499c5d1a92 Thanks Eyal Gabay (EyalSec) for the report. Backport of 51711717098d3f469f795dfa6bc3758b24f69ef7 from main. [4.2.x] Added stub release notes and release date for 4.2.24. 2025-08-27T14:13:26Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-08-14T12:02:05Z urn:sha1:d5860d55ebe3623e6c6f8d6c5a1cdb28ae4a7505 Backport of 4c71e334401a3e83c013419d0e2211543e7e873b from main.