django http://cgit.adnoto.dev/django.git/atom?h=stable%2F5.2.x 2026-04-30T14:23:28Z 2026-04-30T14:23:28Z Jacob Walls jacobtylerwalls@gmail.com 2026-04-30T14:20:52Z urn:sha1:ed18840c8cd1be81fdb3955cbfc9459989d6df68 Backport of 8726605e2d48fd733ae224344a11cc2163012f2d from main. 2026-04-28T15:32:49Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2026-04-28T15:26:47Z urn:sha1:de3f622b7fa72aee68650f15263f2788b626680a Backport of e8c6322b4f2ab4df610bb480003a54c88f32210e from main. 2026-04-08T17:40:03Z Jacob Walls jacobtylerwalls@gmail.com 2026-04-08T13:30:10Z urn:sha1:fb61c8a6e902abc885048a1a78592a4bd4329f87 As originally written, this test interfered with admin_views.tests.SeleniumTests.test_inline_uuid_pk_add_with_popup. To fix this, register the new ModelAdmin with a different AdminSite. Backport of 280256499c5b2d636949f3c8cb52159a8e4c26bb from main. 2026-04-07T17:52:44Z Natalia 124304+nessita@users.noreply.github.com 2026-04-07T14:19:28Z urn:sha1:bd1a7583061a96059ea560eb7b59bebce4240778 The artifacts downloaded from media.djangoproject.com use a lowercase "django-" prefix but the script searched for capital D. Error was: "ls: cannot access 'Django-*.tar.gz': No such file or directory" The tarball and wheel smoke-tests used the same `test_one` folder inside the same working directory, so the second invocation failed with "CommandError: '/tmp/tmp.1234567890' already exists". Backport of 78a3ffbb4cec25ed003f16cf4b1aa0b4bcdc2590 from main. 2026-04-07T12:52:02Z Jacob Walls jacobtylerwalls@gmail.com 2026-04-07T12:51:05Z urn:sha1:da57aaad76e674fdb01b741974acf229d3ac4132 Backport of 3330dc2dd97f60ab32d3c912d2649859d063265c from main. 2026-04-07T11:38:14Z Jacob Walls jacobtylerwalls@gmail.com 2026-04-07T11:38:14Z urn:sha1:c9a8bdbc4839a442b1a0453bd8ed38def4776139 2026-04-07T11:36:41Z Jacob Walls jacobtylerwalls@gmail.com 2026-04-07T11:36:41Z urn:sha1:7d831a9eeb88a6bf484af7b56fe29596bdbf09a6 2026-04-07T11:34:17Z Natalia 124304+nessita@users.noreply.github.com 2026-03-11T13:26:18Z urn:sha1:49e1e2b548999a35a025f9682598946bda9e9921 The `body` property in `HttpRequest` checks DATA_UPLOAD_MAX_MEMORY_SIZE against the declared `Content-Length` header before reading. On the ASGI path, chunked requests carry no `Content-Length`, so the check evaluated to 0 and always passed regardless of the actual body size. This work adds a new check on the actual number of bytes consumed. Thanks to Superior for the report, and to Jake Howard and Jacob Walls for reviews. Backport of 953c238058c0ce387a1a41cb491bfc1875d73ad0 from main. 2026-04-07T11:33:47Z Natalia 124304+nessita@users.noreply.github.com 2026-03-05T17:41:44Z urn:sha1:0b467893bdde69a2d23034338e76021a1e4f4322 When a multipart file part used `Content-Transfer-Encoding: base64` and the non-whitespace base64 bytes did not align to a multiple of 4 within a chunk, the parser entered a loop calling `field_stream.read(1-3)` once per whitespace byte. Each such call fetched the entire internal buffer, sliced off 1-3 bytes, and pushed the remainder back via unget(), doing an O(n) memory copy per call. A 2.5 MB payload of mostly whitespace produced CPU amplification relative to a normal upload of the same size. The alignment loop now reads `self._chunk_size` bytes at a time, and accumulates stripped parts in a list joined once at the end. Thanks to Seokchan Yoon for the report and the fixing patch. Backport of 7e9885f99cee771b51692fadc5592bdbf19641aa from main. 2026-04-07T11:33:08Z Jacob Walls jacobtylerwalls@gmail.com 2026-03-16T22:05:22Z urn:sha1:397c22048244db2cd4bb78f570e6c72a3967bf36 Thanks Natalia Bidart, Jake Howard, and Markus Holtermann for reviews. Backport of 6afe7ce93964f56e33a29d477c269436f9b60cbf from main.