django http://cgit.adnoto.dev/django.git/atom?h=4.2.29 2026-02-03T13:26:51Z 2026-02-03T13:26:51Z Jacob Walls jacobtylerwalls@gmail.com 2026-01-21T23:00:13Z urn:sha1:881ff2c4830f95fa844d8de5977c06205d45368f This prevents failures at the database layer, given that aliases in the ON clause are not quoted. Systematically quoting aliases even in FilteredRelation is tracked in https://code.djangoproject.com/ticket/36795. Backport of 005d60d97c4dfb117503bdb6f2facfcaf9315d84 from main. 2026-02-03T13:25:58Z Jake Howard git@theorangeone.net 2026-01-21T11:14:48Z urn:sha1:f75f8f3597e1ce351d5ac08b6ba7ebd9dadd9b5d Control characters in FilteredRelation column aliases could be used for SQL injection attacks. This affected QuerySet.annotate(), aggregate(), extra(), values(), values_list(), and alias() when using dictionary expansion with **kwargs. Thanks Solomon Kebede for the report, and Simon Charette, Jacob Walls, and Natalia Bidart for reviews. Backport of e891a84c7ef9962bfcc3b4685690219542f86a22 from main. 2025-10-01T13:05:20Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-09-10T07:53:52Z urn:sha1:38d9ef8c7b5cb6ef51b933e51a20e0e0063f33d5 Thanks sw0rd1ight for the report. Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200. Backport of 41b43c74bda19753c757036673ea9db74acf494a from main. 2025-09-03T11:39:26Z Jake Howard git@theorangeone.net 2025-08-13T12:13:42Z urn:sha1:31334e6965ad136a5e369993b01721499c5d1a92 Thanks Eyal Gabay (EyalSec) for the report. Backport of 51711717098d3f469f795dfa6bc3758b24f69ef7 from main. 2024-07-31T14:12:35Z Simon Charette charette.s@gmail.com 2024-07-25T16:19:13Z urn:sha1:f4af67b9b41e0f4c117a8741da3abbd1c869ab28 Thanks Eyal (eyalgabay) for the report. 2023-11-18T15:53:24Z Simon Charette charette.s@gmail.com 2023-11-18T00:42:44Z urn:sha1:acf4cee95144c55a12492cdd71fa795d7accfe26 Adjustments made to solve_lookup_type to defer the resolving of references for summarized aggregates failed to account for similar requirements for lookup values which can also reference annotations through Aggregate.filter. Regression in b181cae2e3697b2e53b5b67ac67e59f3b05a6f0d. Refs #25307. Thanks Sergey Nesterenko for the report. Backport of 7530cf3900ab98104edcde69e8a2a415e82b345a from main 2023-10-16T04:15:36Z Simon Charette charette.s@gmail.com 2023-10-16T01:59:15Z urn:sha1:803caec60bed3b282b9f9961860a467160c0c8f1 Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7, complements e5c844d6f2a4ac6ae674d741b5f1fa2a688cedf4. Refs #28477, #34551. Thanks Haldun Komsuoglu for the report. Backport of 3b4a571275d967512866012955eb0b3ae486d63c from main 2023-08-01T14:17:06Z Mariusz Felisiak felisiak.mariusz@gmail.com 2023-08-01T14:16:28Z urn:sha1:8808d9da6b11b8aa32d750265217721450b0fb1f Thanks Toan Vuong for the report. Thanks Simon Charette for the review. Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7. Backport of c9b9a52edc66be117c6e5b5214fa788a4d5db7a8 from main 2023-07-19T07:06:16Z Simon Charette charette.s@gmail.com 2023-07-17T16:51:54Z urn:sha1:7a67b065d7e5653f3af1cbd28882d33d2a088b02 Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7. Refs #28477. Thanks younes-chaoui for the report. Backport of 68912e4f6f84f21322f92a2c7b6c77f68f91b9c9 from main 2023-06-01T19:27:06Z Simon Charette charette.s@gmail.com 2023-05-31T22:04:17Z urn:sha1:738386470d899c61cb1980233c1e7872ba78e679 Regression in b3db6c8dcb5145f7d45eff517bcd96460475c879. Thanks Ian Cubitt for the report. This also corrected test_inheritance_deferred2() test which was previously properly defined and marked as an expected failure but was then wrongly adjusted to mask the lack of support for per-alias deferral that was fixed by #21204. Backport of 2cf76f2d5d1aa16acfadaf53db3d30128a34b088 from main