django.git/django/core/files/storage/filesystem.py, branch main django http://cgit.adnoto.dev/django.git/atom?h=main 2026-03-03T12:09:32Z Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions on file system object creation. 2026-03-03T12:09:32Z Natalia 124304+nessita@users.noreply.github.com 2026-01-21T21:03:20Z urn:sha1:019e44f67a8dace67b786e2818938c8691132988 This fix introduces `safe_makedirs()` in the `os` utils as a safer alternative to `os.makedirs()` that avoids umask-related race conditions in multi-threaded environments. This is a workaround for https://github.com/python/cpython/issues/86533 and the solution is based on the fix being proposed for CPython. Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Zackery Spytz <zspytz@gmail.com> Refs CVE-2020-24583 and #31921. Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and Shai Berger for reviews. Refs #36500 -- Rewrapped long docstrings and block comments via a script. 2025-07-23T23:17:55Z django-bot ops@djangoproject.com 2025-07-23T03:41:41Z urn:sha1:69a93a88edb56ba47f624dac7a21aacc47ea474f Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. Refs #36005 -- Used datetime.UTC alias instead of datetime.timezone.utc. 2025-02-18T07:35:36Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-02-18T07:35:36Z urn:sha1:efb7f9ced2dcf71294353596a265e3fd67faffeb datetime.UTC was added in Python 3.11. Fixed #36191 -- Truncated the overwritten file content in FileSystemStorage. 2025-02-17T13:01:00Z Gaƫl Utard gael.utard@eedf.fr 2025-02-15T14:55:33Z urn:sha1:0d1dd6bba0c18b7feb6caa5cbd8df80fbac54afd Refs #35326 -- Removed FileSystemStorage.OS_OPEN_FLAGS per deprecation timeline. 2025-01-15T21:28:37Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-12-12T15:26:06Z urn:sha1:17ae61a5d4ec75ac5e40363cc76b04c191b50d3d Refs #35326 -- Adjusted deprecation warning stacklevel in FileSystemStorage.OS_OPEN_FLAGS. 2024-08-28T14:44:05Z Simon Charette charette.s@gmail.com 2024-08-09T16:45:44Z urn:sha1:47f18a722624527cc72eef44cfc9d1e07ea4b4e0 Fixed #35604, Refs #35326 -- Made FileSystemStorage.exists() behaviour independent from allow_overwrite. 2024-07-24T12:55:10Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2024-07-16T08:41:20Z urn:sha1:8d6a20b656ff3fa18e36954668a44a831c2f6ddd Partially reverts 0b33a3abc2ca7d68a24f6d0772bc2b9fa603744e. Storage.exists(name) was documented to "return False if the name is available for a new file." but return True if the file exists. This is ambiguous in the overwrite file case. It will now always return whether the file exists. Thank you to Natalia Bidart and Josh Schneier for the review. Fixed #35326 -- Added allow_overwrite parameter to FileSystemStorage. 2024-05-21T05:28:12Z Ben Cail bcail@crossway.org 2024-03-26T15:25:29Z urn:sha1:0b33a3abc2ca7d68a24f6d0772bc2b9fa603744e Refs #34110 -- Added StorageSettingsMixin. 2022-11-11T06:05:00Z Francesco Panico panico.francesco@gmail.com 2022-11-11T06:04:18Z urn:sha1:99b4f90ec6b96e8c2a9f22b360d4eb5589763034 Refs #34110 -- Reorganized django.core.files.storage into a separate module. 2022-11-11T05:59:33Z Francesco Panico panico.francesco@gmail.com 2022-11-10T21:01:53Z urn:sha1:032c09c4144eaa278a64b9a4bef838341b35d175