django.git/django/db/backends/postgresql/operations.py, branch 4.2.29 django http://cgit.adnoto.dev/django.git/atom?h=4.2.29 2025-12-02T12:44:19Z [4.2.x] Fixed CVE-2025-13372 -- Protected FilteredRelation against SQL injection in column aliases on PostgreSQL. 2025-12-02T12:44:19Z Jacob Walls jacobtylerwalls@gmail.com 2025-11-17T22:09:54Z urn:sha1:f997037b235f6b5c9e7c4a501491ec45f3400f3d Follow-up to CVE-2025-57833. Thanks Stackered for the report, and Simon Charette and Mariusz Felisiak for the reviews. Backport of 5b90ca1e7591fa36fccf2d6dad67cf1477e6293e from main. [4.2.x] Fixed #34840 -- Avoided casting string base fields on PostgreSQL. 2023-09-22T04:07:19Z Mariusz Felisiak felisiak.mariusz@gmail.com 2023-09-22T04:01:11Z urn:sha1:a148461f1fa7aceb2ea6c9dc203b67a170884445 Thanks Alex Vandiver for the report. Regression in 09ffc5c1212d4ced58b708cbbf3dfbfb77b782ca. Backport of 779cd28acb1f7eb06f629c0ea4ded99b5ebb670a from main. Fixed #33308 -- Added support for psycopg version 3. 2022-12-15T05:17:57Z Daniele Varrazzo daniele.varrazzo@gmail.com 2022-12-01T19:23:43Z urn:sha1:09ffc5c1212d4ced58b708cbbf3dfbfb77b782ca Thanks Simon Charette, Tim Graham, and Adam Johnson for reviews. Co-authored-by: Florian Apolloner <florian@apolloner.eu> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Refs #33308 -- Added DatabaseOperations.compose_sql() on PostgreSQL. 2022-12-12T09:36:45Z Florian Apolloner florian@apolloner.eu 2022-12-12T08:54:49Z urn:sha1:db7bb3b64e469fbb5c79e7b5b2fcb890434aa60f Refs #33308 -- Moved psycopg2 imports to the psycopg_any module. 2022-12-12T07:36:17Z Florian Apolloner florian@apolloner.eu 2022-12-12T07:25:05Z urn:sha1:2ebfbd894e21e1656c1e1f32d98b8df7a32d3649 Refs #33308 -- Used get_db_prep_value() to adapt JSONFields. 2022-11-15T12:02:36Z Simon Charette charette.s@gmail.com 2022-11-01T02:28:17Z urn:sha1:5c23d9f0c32f166c81ecb6f3f01d5077a6084318 Fixed #33872 -- Deprecated django.contrib.postgres.fields.CIText/CICharField/CIEmailField/CITextField. 2022-08-03T09:42:51Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-08-03T09:42:51Z urn:sha1:cb791a2540c289390b68a3ea9c6a79476890bab2 Refs CVE-2022-34265 -- Properly escaped Extract() and Trunc() parameters. 2022-07-06T05:40:07Z Simon Charette charette.s@gmail.com 2022-06-20T03:46:22Z urn:sha1:877c800f255ccaa7abde1fb944de45d1616f5cc9 Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Removed unneeded code in explain_query_prefix() 2022-04-14T04:46:42Z Tim Graham timograham@gmail.com 2022-04-14T00:15:51Z urn:sha1:a32876606f1346d4fbdab3813061f8a79cb23ac2 Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2022-04-11T06:59:58Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-04-01T11:48:47Z urn:sha1:6723a26e59b0b5429a0c5873941e01a2e1bdbb81