django http://cgit.adnoto.dev/django.git/atom?h=main 2026-04-22T18:25:08Z 2026-04-22T18:25:08Z Dinesh dineshthumma15@gmail.com 2026-03-21T17:21:11Z urn:sha1:dc467fdc3b5744cec71fab876c23a14013e2510b 2026-04-07T11:12:23Z Natalia 124304+nessita@users.noreply.github.com 2026-03-05T17:41:44Z urn:sha1:7e9885f99cee771b51692fadc5592bdbf19641aa When a multipart file part used `Content-Transfer-Encoding: base64` and the non-whitespace base64 bytes did not align to a multiple of 4 within a chunk, the parser entered a loop calling `field_stream.read(1-3)` once per whitespace byte. Each such call fetched the entire internal buffer, sliced off 1-3 bytes, and pushed the remainder back via unget(), doing an O(n) memory copy per call. A 2.5 MB payload of mostly whitespace produced CPU amplification relative to a normal upload of the same size. The alignment loop now reads `self._chunk_size` bytes at a time, and accumulates stripped parts in a list joined once at the end. Thanks to Seokchan Yoon for the report and the fixing patch. 2026-02-24T18:44:42Z sammiee5311 sammiee5311@gmail.com 2026-02-16T03:21:03Z urn:sha1:e84dc8715e91d51364ba6bda2b2fb07e7a8b750e Added LookupError to the except clause so invalid headers are silently skipped, consistent with other malformed header handling. 2026-02-10T22:59:02Z farhan farhanalirazaazeemi@gmail.com 2026-01-05T19:34:39Z urn:sha1:7732f942a98a709750fc1fed2c69741183844a3c 2025-08-28T17:25:36Z Jake Howard git@theorangeone.net 2025-08-20T15:04:48Z urn:sha1:41ff30f6f9d072036be1f74db8f0c8b21565299f Header parsing should apply only to the header value. The previous implementation happened to work but relied on unintended behavior. 2025-07-23T23:17:55Z django-bot ops@djangoproject.com 2025-07-23T03:41:41Z urn:sha1:69a93a88edb56ba47f624dac7a21aacc47ea474f Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. 2025-06-16T07:25:25Z Jake Howard git@theorangeone.net 2025-06-10T22:00:25Z urn:sha1:12c1557060fc94fe5e1fbddc4578a4e29d38f77c When matching which entry in the `Accept` header should be used for a given media type, the specificity matters. However once those are resolved, only the quality matters when selecting preference. Regression in c075508b4de8edf9db553b409f8a8ed2f26ecead. Thank you to Anders Kaseorg for the report. 2025-06-09T20:37:40Z Natalia 124304+nessita@users.noreply.github.com 2025-06-09T12:59:11Z urn:sha1:cf5f36bf903a2854f5e395149cee707115b83744 The "q" key was removed while addressing ticket #36411. Despite `MediaType.params` is undocumented and considered internal, it was used in third-party projects (Zulip reported breakage), so this work restored the `q` key in `params`. Thanks Anders Kaseorg for the report. Regression in c075508b4de8edf9db553b409f8a8ed2f26ecead. 2025-06-03T19:10:41Z Jake Howard git@theorangeone.net 2025-05-27T16:00:29Z urn:sha1:c075508b4de8edf9db553b409f8a8ed2f26ecead HttpRequest.get_preferred_type() did not account for parameters in Accept header media types (e.g., "text/vcard; version=3.0"). This caused incorrect content negotiation when multiple types differed only by parameters, reducing specificity as per RFC 7231 section 5.3.2 (https://datatracker.ietf.org/doc/html/rfc7231.html#section-5.3.2). This fix updates get_preferred_type() to treat media types with parameters as distinct, allowing more precise and standards-compliant matching. Thanks to magicfelix for the report, and to David Sanders and Sarah Boyce for the reviews. 2025-05-13T15:41:17Z Aleksandr Safonov sashakashvile@gmail.com 2025-04-18T13:46:02Z urn:sha1:96c79be4e436f0b3045421556a2253cbff4533dc