django.git/django/db/models/sql/query.py, branch 4.2.20

django.git/django/db/models/sql/query.py, branch 4.2.20 django http://cgit.adnoto.dev/django.git/atom?h=4.2.20 2024-07-31T14:12:35Z [4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields. 2024-07-31T14:12:35Z Simon Charette charette.s@gmail.com 2024-07-25T16:19:13Z urn:sha1:f4af67b9b41e0f4c117a8741da3abbd1c869ab28 Thanks Eyal (eyalgabay) for the report. [4.2.x] Fixed #34975 -- Fixed crash of conditional aggregate() over aggregations. 2023-11-18T15:53:24Z Simon Charette charette.s@gmail.com 2023-11-18T00:42:44Z urn:sha1:acf4cee95144c55a12492cdd71fa795d7accfe26 Adjustments made to solve_lookup_type to defer the resolving of references for summarized aggregates failed to account for similar requirements for lookup values which can also reference annotations through Aggregate.filter. Regression in b181cae2e3697b2e53b5b67ac67e59f3b05a6f0d. Refs #25307. Thanks Sergey Nesterenko for the report. Backport of 7530cf3900ab98104edcde69e8a2a415e82b345a from main [4.2.x] Fixed #34798 -- Fixed QuerySet.aggregate() crash when referencing expressions containing subqueries. 2023-10-16T04:15:36Z Simon Charette charette.s@gmail.com 2023-10-16T01:59:15Z urn:sha1:803caec60bed3b282b9f9961860a467160c0c8f1 Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7, complements e5c844d6f2a4ac6ae674d741b5f1fa2a688cedf4. Refs #28477, #34551. Thanks Haldun Komsuoglu for the report. Backport of 3b4a571275d967512866012955eb0b3ae486d63c from main [4.2.x] Fixed #34750 -- Fixed QuerySet.count() when grouping by unused multi-valued annotations. 2023-08-01T14:17:06Z Mariusz Felisiak felisiak.mariusz@gmail.com 2023-08-01T14:16:28Z urn:sha1:8808d9da6b11b8aa32d750265217721450b0fb1f Thanks Toan Vuong for the report. Thanks Simon Charette for the review. Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7. Backport of c9b9a52edc66be117c6e5b5214fa788a4d5db7a8 from main [4.2.x] Fixed #34717 -- Fixed QuerySet.aggregate() crash when referencing window functions. 2023-07-19T07:06:16Z Simon Charette charette.s@gmail.com 2023-07-17T16:51:54Z urn:sha1:7a67b065d7e5653f3af1cbd28882d33d2a088b02 Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7. Refs #28477. Thanks younes-chaoui for the report. Backport of 68912e4f6f84f21322f92a2c7b6c77f68f91b9c9 from main [4.2.x] Fixed #34612 -- Fixed QuerySet.only() crash on reverse relationships. 2023-06-01T19:27:06Z Simon Charette charette.s@gmail.com 2023-05-31T22:04:17Z urn:sha1:738386470d899c61cb1980233c1e7872ba78e679 Regression in b3db6c8dcb5145f7d45eff517bcd96460475c879. Thanks Ian Cubitt for the report. This also corrected test_inheritance_deferred2() test which was previously properly defined and marked as an expected failure but was then wrongly adjusted to mask the lack of support for per-alias deferral that was fixed by #21204. Backport of 2cf76f2d5d1aa16acfadaf53db3d30128a34b088 from main [4.2.x] Fixed #34551 -- Fixed QuerySet.aggregate() crash when referencing subqueries. 2023-05-23T05:39:24Z Simon Charette charette.s@gmail.com 2023-05-22T03:57:49Z urn:sha1:c78a4421de0fc3240b91d59e8f9028331777c624 Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7. Refs #28477. Thanks Denis Roldán and Mariusz for the test. Backport of e5c844d6f2a4ac6ae674d741b5f1fa2a688cedf4 from main [4.2.x] Refs #34551 -- Fixed QuerySet.aggregate() crash on precending aggregation reference. 2023-05-23T05:39:18Z Simon Charette charette.s@gmail.com 2023-05-22T03:49:05Z urn:sha1:57f499e412c7c28b4a1f1b740468bf6eabbdb695 Regression in 1297c0d0d76a708017fe196b61a0ab324df76954. Refs #31679. Backport of 2ee01747c32a7275a7a1a5f7862acba7db764921 from main [4.2.x] Fixed #34570 -- Silenced noop deferral of many-to-many and GFK. 2023-05-17T06:39:44Z Simon Charette charette.s@gmail.com 2023-05-16T19:11:19Z urn:sha1:201d29b3719ef15637648be7bd947ef90a66ab55 While deferring many-to-many and GFK has no effect, the previous implementation of QuerySet.defer() ignore them instead of crashing. Regression in b3db6c8dcb5145f7d45eff517bcd96460475c879. Thanks Paco Martínez for the report. Backport of 99e5dff737cd20b12d060e4794e097063b61ec40 from main [4.2.x] Fixed #34464 -- Fixed queryset aggregation over group by reference. 2023-04-07T04:58:24Z Simon Charette charette.s@gmail.com 2023-04-06T12:19:53Z urn:sha1:511dc3db539122577aaba71f5a24d65d5adab092 Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7. Refs #28477. Thanks Ian Cubitt for the report. Backport of 9daf8b4109c3e133eb57349bb44d73cc60c5773c from main