django.git/django/db/models/sql/query.py, branch 5.1.10 django http://cgit.adnoto.dev/django.git/atom?h=5.1.10 2024-08-06T06:51:22Z [5.1.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields. 2024-08-06T06:51:22Z Simon Charette charette.s@gmail.com 2024-07-25T16:19:13Z urn:sha1:e2583fbc2ebffce11b4444a7cec6336513e81f8b Thanks Eyal (eyalgabay) for the report. Refs #35356 -- Clarified select related with masked field logic. 2024-04-23T16:17:17Z Simon Charette charette.s@gmail.com 2024-04-06T03:20:41Z urn:sha1:195d885ca01b14e3ce9a1881c3b8f7074f953736 By always including related objects in the select mask via adjusting the defer logic (_get_defer_select_mask()), it becomes possible for select_related_descend() to treat forward and reverse relationships indistinctively. This work also simplifies and adds comments to select_related_descend() to make it easier to understand. Fixed #35356 -- Deferred self-referential foreign key fields adequately. 2024-04-23T16:17:17Z Simon Charette charette.s@gmail.com 2024-04-06T03:08:49Z urn:sha1:83f5478225588f31e7cbbfed63a4a2b936abc03f While refs #34612 surfaced issues with reverse one-to-one fields deferrals, it missed that switching to storing remote fields would break self-referential relationships. This change switches to storing related objects in the select mask instead of remote fields to prevent collisions when dealing with self-referential relationships that might have a different directional mask. Despite fixing #21204 introduced a crash under some self-referential deferral conditions, it was simply not working even before that as it aggregated the sets of deferred fields by model. Thanks Joshua van Besouw for the report and Mariusz Felisiak for the review. Fixed #35099 -- Prevented mutating queryset when combining with & and | operators. 2024-02-07T11:36:30Z Hisham Mahmood hishammahmood41@gmail.com 2024-02-06T14:40:01Z urn:sha1:d79fba7d8e7bbcdf53535a14d57ead5a6863cd8d Thanks Alan for the report. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Fixed #35135 -- Made FilteredRelation raise ValueError on querysets as rhs. 2024-01-29T19:29:49Z Nicolas Delaby nicolas.delaby@infarm.com 2024-01-23T10:51:24Z urn:sha1:820c5f1bacd41713bd30d8b5fefb66752ff15c4c Regression in 59f475470494ce5b8cbff816b1e5dafcbd10a3a3. Applied Black's 2024 stable style. 2024-01-26T11:45:07Z Mariusz Felisiak felisiak.mariusz@gmail.com 2024-01-26T11:45:07Z urn:sha1:305757aec19c9d5111e4d76095ae0acd66163e4b https://github.com/psf/black/releases/tag/24.1.0 Refs #35102 -- Optimized replace_expressions()/relabelling aliases by adding early return. 2024-01-15T04:56:38Z Mariusz Felisiak felisiak.mariusz@gmail.com 2024-01-13T19:33:20Z urn:sha1:f3d10546a850df4fe3796f972d5b7e16adf52f54 This avoids costly hashing. Thanks Anthony Shaw for the report. Co-Authored-By: Simon Charette <charette.s@gmail.com> Fixed #35050 -- Fixed prefixing field names in FilteredRelation(). 2023-12-23T16:35:13Z David Wobrock david.wobrock@gmail.com 2023-12-21T22:20:36Z urn:sha1:14917c9ae272f47d23401100faa6cefa8e1728bf Thanks Mark Zorn for the report. Regression in 59f475470494ce5b8cbff816b1e5dafcbd10a3a3. Fixed #35042 -- Fixed a count() crash on combined queries. 2023-12-16T19:19:24Z Simon Charette charette.s@gmail.com 2023-12-16T02:00:59Z urn:sha1:77278929c86168f075600d9d8c8e76a4792e672b Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7. Thanks Marcin for the report. Refs #34717 -- Avoided computing aggregate refs twice. 2023-11-18T14:41:25Z Simon Charette charette.s@gmail.com 2023-11-18T00:55:27Z urn:sha1:d7a9f006ed6d6323d3d66e75354202f4d1174ea0