django.git/docs/releases/5.2.8.txt, branch main django http://cgit.adnoto.dev/django.git/atom?h=main 2025-11-20T22:31:31Z Added missing ticket links in docs/releases/5.2.8.txt. 2025-11-20T22:31:31Z Jacob Walls jacobtylerwalls@gmail.com 2025-11-20T22:28:24Z urn:sha1:8ce3e1f9d0cdfdcba91e7e544804fa33f6fa9177 Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via the _connector kwarg. 2025-11-05T12:20:57Z Jacob Walls jacobtylerwalls@gmail.com 2025-09-24T19:54:51Z urn:sha1:98e642c69181c942d60a10ca0085d48c6b3068bb Thanks cyberstan for the report, Sarah Boyce, Adam Johnson, Simon Charette, and Jake Howard for the reviews. Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows. 2025-11-05T12:20:57Z Jacob Walls jacobtylerwalls@gmail.com 2025-10-16T20:28:33Z urn:sha1:c880530ddd4fabd5939bab0e148bebe36699432a Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Follow-up to CVE-2025-27556 and 39e2297210d9d2938c75fc911d45f0e863dc4821. Fixed #36704 -- Fixed system check error for proxy model with a composite pk. 2025-11-04T16:59:21Z Hal Blackburn hwtb2@cam.ac.uk 2025-11-04T05:58:46Z urn:sha1:74564946c3b42a2ef7d087047e49873847a7e1d9 Proxy models subclassing a model with a CompositePrimaryKey were incorrectly reporting check errors because the check that requires only local fields to be used in a composite pk was evaluated against the proxy subclass, which has no fields. To fix this, composite pk field checks are not evaluated against proxy subclasses, as none of the checks are applicable to proxy subclasses. This also has the benefit of not double-reporting real check errors from an invalid superclass pk. Thanks Clifford Gama for the review. Added stub release notes and release date for 5.2.8, 5.1.14, and 4.2.26. 2025-10-29T17:57:45Z Jacob Walls jacobtylerwalls@gmail.com 2025-09-24T19:29:09Z urn:sha1:ab108bf94dfc06c311d7dc81866b848fe5b5ee6c Refs #35844 -- Doc'd Python 3.14 compatibility. 2025-10-17T17:25:02Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-10-13T14:34:26Z urn:sha1:56977b466c33ca3da14a1ed2609172425a76a34e Fixed #36648, Refs #33772 -- Accounted for composite pks in first()/last() when aggregating. 2025-10-14T19:48:29Z Jacob Walls jacobtylerwalls@gmail.com 2025-10-13T21:22:17Z urn:sha1:02eed4f37879b2077496f86bb1378a076b981233 Fixed #36646 -- Added compatibility for oracledb 3.4.0. 2025-10-11T15:15:28Z Simon Charette charette.s@gmail.com 2025-10-08T16:20:57Z urn:sha1:315dbe675df338ae66c8fa43274a76ecbed7ef67 The Database.Binary, Date, and Timestamp attributes were changed from aliases to bytes, datetime.date, and datetime.datetime to factory functions in oracle/python-oracledb@869a887819cdac7fcd610f9d9d463ade49ea7 which made their usage inadequate for isinstance checks. Thanks John Wagenleitner for the report and Natalia for the triage. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Added stub release notes for 5.2.8. 2025-10-01T14:30:45Z Jacob Walls jacobtylerwalls@gmail.com 2025-10-01T14:30:45Z urn:sha1:1324d9037e9281ec0fdd88c15b20881c7a6ea8b9