django.git/tests/auth_tests, branch main django http://cgit.adnoto.dev/django.git/atom?h=main 2026-04-24T18:19:15Z Fixed #36542 -- Marked authenticate() with @sensitive_variables() decorator. 2026-04-24T18:19:15Z KANIN KEARPIMY jamesk@KANINs-MacBook-Air.local 2026-03-31T15:56:13Z urn:sha1:526b548cfb9c8a02ea2b7ae064ef3b795305d51a Thanks Olivier Dalang, Tim McCurrach, Sarah Boyce, and Mar Bartolome for reviews. Fixed #37021 -- Added Permission.user_perm_str property. 2026-04-07T19:38:35Z mariatta mariatta.wijaya@gmail.com 2026-04-03T18:44:02Z urn:sha1:e2abe321a6f1370e05c1a89a742125c9eafcac8c For use in checking user permissions via has_perm(). Co-authored-by: 사재혁 <jaehyuck.sa.dev@gmail.com> Fixed #37017 -- Fixed setting or clearing of request.user after alogin/alogout(). 2026-04-02T13:00:55Z Jacob Walls jacobtylerwalls@gmail.com 2026-04-01T13:36:16Z urn:sha1:a32c7075cf634aee1f4f3deecd27f194097ec0c2 Regression in 31a43c571f4d036827d4fd7a5f615591637dc1be. Fixed #27489 -- Renamed permissions upon model renaming in migrations. 2026-02-27T12:45:21Z Artyom Kotovskiy mrartem1927@gmail.com 2025-04-20T22:17:47Z urn:sha1:a040f555069971192220122555f187530d679d53 Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Fixed #34643 -- Moved inputs beneath labels and errors in admin forms. 2026-02-27T12:43:45Z antoliny0919 antoliny0919@gmail.com 2025-08-07T13:17:50Z urn:sha1:187a789f99ecbc708de517c6b54d480b68ba59fe Thanks Sarah Boyce and Jacob Walls for reviews. Co-authored-by: Hrushikesh Vaidya <hrushikeshrv@gmail.com> Fixed #36903 -- Fixed further NameErrors when inspecting functions with deferred annotations. 2026-02-10T21:51:55Z 93578237 43147888+93578237@users.noreply.github.com 2026-02-09T21:06:50Z urn:sha1:56ed37e17e5b1a509aa68a0c797dcff34fcc1366 Provide a wrapper for safe introspection of user functions on Python 3.14+. Follow-up to 601914722956cc41f1f2c53972d669ddee6ffc04. Modified tests to format PKs with %s rather than %d. 2026-02-10T21:04:24Z Tim Graham timograham@gmail.com 2026-02-06T16:06:17Z urn:sha1:d007fcf7291cc3c24d4545e23c759bde22b6a8a6 It's how Django formats values internally and makes tests compatible with databases that use non-integer primary keys. Fixed CVE-2025-13473 -- Standardized timing of check_password() in mod_wsgi auth handler. 2026-02-03T12:52:25Z Jake Howard git@theorangeone.net 2025-11-19T16:52:28Z urn:sha1:3eb814e02a4c336866d4189fa0c24fd1875863ed Refs CVE-2024-39329, #20760. Thanks Stackered for the report, and Jacob Walls and Markus Holtermann for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Refs #34118 -- Removed asgiref coroutine detection shims. 2026-01-31T13:59:54Z Jacob Walls jacobtylerwalls@gmail.com 2026-01-30T20:53:27Z urn:sha1:4a52533329a03207c1c4592a13fbb12b9ec5ef9e As Python 3.12 is now the floor, we can drop the shims and use the `inspect` module. Applied Black's 2026 stable style. 2026-01-18T20:26:56Z Mariusz Felisiak felisiak.mariusz@gmail.com 2026-01-18T20:26:56Z urn:sha1:6cff02078799b7c683a0d39630d49ab4fe532e7c https://github.com/psf/black/releases/tag/26.1.0