django.git/tests/utils_tests, branch maindjango
http://cgit.adnoto.dev/django.git/atom?h=main2026-04-22T18:25:08ZFixed #36991 -- Raised BadRequest for invalid encodings in Content-Type headers.2026-04-22T18:25:08ZDineshdineshthumma15@gmail.com2026-03-21T17:21:11Zurn:sha1:dc467fdc3b5744cec71fab876c23a14013e2510bFixed #36943 -- Preserved any exception from URLconf module in autoreloader.2026-03-10T15:32:39Zvarunkasyapvarunkasyap@hotmail.com2026-03-03T13:40:51Zurn:sha1:3483bfc0920b0ef0b28563aabe8ff546699b6ece
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Fixed #36293 -- Avoided buffering streaming responses in GZipMiddleware.2026-03-09T12:41:00Zfarhanfarhanalirazaazeemi@gmail.com2025-12-13T18:33:33Zurn:sha1:12bb16da8fbadac34e2de318cc79d7d765f35a96
This avoids latency and/or blocking.
The example of streaming a CSV file was rewritten to employ batching for
greater efficiency in all layers (db, HTTP, etc.). The improved
performance from batching should outweigh the drag introduced by an
additional byte for each flush.
Co-authored-by: huoyinghui <huoyinghui@users.noreply.github.com>
Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions on file system object creation.2026-03-03T12:09:32ZNatalia124304+nessita@users.noreply.github.com2026-01-21T21:03:20Zurn:sha1:019e44f67a8dace67b786e2818938c8691132988
This fix introduces `safe_makedirs()` in the `os` utils as a safer
alternative to `os.makedirs()` that avoids umask-related race conditions
in multi-threaded environments.
This is a workaround for https://github.com/python/cpython/issues/86533
and the solution is based on the fix being proposed for CPython.
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Refs CVE-2020-24583 and #31921.
Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and
Shai Berger for reviews.
Fixed #36944 -- Removed MAX_LENGTH_HTML and related 5M chars limit references from HTML truncation docs.2026-02-25T16:08:52ZNatalia124304+nessita@users.noreply.github.com2026-02-25T13:37:38Zurn:sha1:bbc6818bc12f14c1764a7eb68556018195f56b59Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.Truncator for HTML input.2026-02-03T12:54:16ZNatalia124304+nessita@users.noreply.github.com2026-01-21T12:53:10Zurn:sha1:a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
The `TruncateHTMLParser` used `deque.remove()` to remove tags from the
stack when processing end tags. With crafted input containing many
unmatched end tags, this caused repeated full scans of the tag stack,
leading to quadratic time complexity.
The fix uses LIFO semantics, only removing a tag from the stack when it
matches the most recently opened tag. This avoids linear scans for
unmatched end tags and reduces complexity to linear time.
Refs #30686 and 6ee37ada3241ed263d8d1c2901b030d964cbd161.
Thanks Seokchan Yoon for the report, and Jake Howard and Jacob Walls for
reviews.
Fixed #36810 -- Avoided infinite recursion in SimpleLazyObject.__repr__().2025-12-24T17:46:41ZSeansean@pop-os.home2025-12-18T23:37:07Zurn:sha1:8e4b531111ddd3256c45eee601947e475651e8e7
Detect when `SimpleLazyObject._setupfunc` is a bound method of the same
instance to use a safe representation and avoid infinite recursion.
Refs #36810 -- Avoided infinite recursion in LazyNonce.__repr__().2025-12-24T17:46:41ZSean Reedsean@sean-reed.com2025-12-19T21:09:25Zurn:sha1:165c3599965e63f88649a46fcc2ff681c52f2f66
Moved nonce generation in ``django.utils.csp.LazyNonce`` to a function
to avoid infinite recursion in ``SimpleLazyObject.__repr__`` for
unevaluated instances.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Fixed #36747 -- Parsed weeks from ISO 8601 format in parse_duration().2025-12-17T15:19:05Zvarunkasyapvarunkasyap@hotmail.com2025-11-22T12:24:05Zurn:sha1:0d8548e5831bc610102d5e4b8a2366f26818a28aRefs #36499 -- Adjusted test_strip_tags following Python behavior change for incomplete entities.2025-12-11T16:28:49ZJacob Wallsjacobtylerwalls@gmail.com2025-12-11T13:44:19Zurn:sha1:7b80b2186300620931009fd62c2969f108fe7a62