| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-10-04 | [3.2.x] Bumped version for 3.2.16 release.3.2.16 | Carlton Gibson | |
| 2022-09-27 | [3.2.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as ↵ | Adam Johnson | |
| regular expressions. Thanks to Benjamin Balder Bach for the report. | |||
| 2022-09-27 | [3.2.x] Added stub notes 3.2.16 release. | Carlton Gibson | |
| Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main | |||
| 2022-08-03 | [3.2.x] Added CVE-2022-36359 to security archive. | Carlton Gibson | |
| Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main | |||
| 2022-08-03 | [3.2.x] Post-release version bump. | Carlton Gibson | |
| 2022-08-03 | [3.2.x] Bumped version for 3.2.15 release.3.2.15 | Carlton Gibson | |
| 2022-08-03 | [3.2.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header. | Carlton Gibson | |
| Thanks to Motoyasu Saburi for the report. | |||
| 2022-08-01 | [3.2.x] Fixed collation tests on MySQL 8.0.30+. | Mariusz Felisiak | |
| The utf8_ collations are renamed to utf8mb3_* on MySQL 8.0.30+. Backport of 88dba2e3fd64b64bcf4fae83b256b4f6f492558f from main. | |||
| 2022-08-01 | [3.2.x] Fixed inspectdb and schema tests on MariaDB 10.6+. | Mariusz Felisiak | |
| The utf8 character set (and related collations) is by default an alias for utf8mb3 on MariaDB 10.6+. Backport of 355ecd141671e34853d1ff99ffdb1a7fb95b4276 from main | |||
| 2022-07-27 | Adjusted release notes for 3.2.15. | Carlton Gibson | |
| Backport of cadd864f6878c1c02a014589876ece166befdeb3 from main | |||
| 2022-07-27 | [3.2.x] Added stub release notes for 3.2.15 release. | Carlton Gibson | |
| Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main | |||
| 2022-07-05 | [3.2.x] Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ with ↵ | Mariusz Felisiak | |
| MyISAM storage engine. Backport of 73766c118781a7f7052bf0a5fbee38b944964e31 from main. | |||
| 2022-07-04 | [3.2.x] Added CVE-2022-34265 to security archive. | Mariusz Felisiak | |
| Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main | |||
| 2022-07-04 | [3.2.x] Post-release version bump. | Mariusz Felisiak | |
| 2022-07-04 | [3.2.x] Bumped version for 3.2.14 release.3.2.14 | Mariusz Felisiak | |
| 2022-07-04 | [3.2.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) ↵ | Mariusz Felisiak | |
| against SQL injection. Thanks Takuto Yoshikai (Aeye Security Lab) for the report. | |||
| 2022-07-01 | [3.2.x] Fixed GEOSTest.test_emptyCollections() on GEOS 3.8.0. | Mariusz Felisiak | |
| It's a regression in GEOS 3.8.0 fixed in GEOS 3.8.1. Backport of 863aa7541d30247e7eb7a973ff68a7d36f16dc02 from main | |||
| 2022-06-27 | [3.2.x] Bumped minimum Sphinx version to 4.5.0. | Mariusz Felisiak | |
| Related Sphinx changes: - https://github.com/sphinx-doc/sphinx/pull/8898 - https://github.com/sphinx-doc/sphinx/issues/8326 Backport of ebf25555bbed3e9112d4b726575d60b242daf48a from main. | |||
| 2022-06-27 | [3.2.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+. | Mariusz Felisiak | |
| sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set of nodes for which the text is checked. Backport of ac90529cc58507d9a07610809a795ec5fc3cbf8c from main. | |||
| 2022-06-27 | [3.2.x] Added stub release notes for 3.2.14. | Mariusz Felisiak | |
| Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main | |||
| 2022-06-22 | [3.2.x] Fixed ↵ | Mariusz Felisiak | |
| test_request_lifecycle_signals_dispatched_with_thread_sensitive with asgiref 3.5.1+. | |||
| 2022-06-21 | [3.2.x] Fixed CoveringIndexTests.test_covering_partial_index() when ↵ | Mariusz Felisiak | |
| DEFAULT_INDEX_TABLESPACE is set. Backport of aa8b9279e40da343f5b91e5aec07f868184056f4 from main | |||
| 2022-06-01 | [3.2.x] Fixed #33753 -- Fixed docs build on Sphinx 5+. | Mariusz Felisiak | |
| Empty language is not supported anymore. Backport of 565ad5ace46aa1e2368450701cba45dd1a95a026 from main | |||
| 2022-04-11 | [3.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive. | Mariusz Felisiak | |
| Backport of 78eeff8d33ead67cfc8603477c95e70f8fbe096a from main | |||
| 2022-04-11 | [3.2.x] Post-release version bump. | Mariusz Felisiak | |
| 2022-04-11 | [3.2.x] Bumped version for 3.2.13 release.3.2.13 | Mariusz Felisiak | |
| 2022-04-11 | [3.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) ↵ | Mariusz Felisiak | |
| against SQL injection on PostgreSQL. Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main. | |||
| 2022-04-11 | [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), ↵ | Mariusz Felisiak | |
| and extra() against SQL injection in column aliases. Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report. Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main. | |||
| 2022-04-11 | [3.2.x] Fixed #33628 -- Ignored directories with empty names in autoreloader ↵ | Manel Clos | |
| check for template changes. Regression in 68357b2ca9e88c40fc00d848799813241be39129. Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main. | |||
| 2022-04-04 | [3.2.x] Added stub release notes for 3.2.13 and 2.2.28. | Mariusz Felisiak | |
| Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main | |||
| 2022-03-26 | [3.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+." | Mariusz Felisiak | |
| This reverts commit 1d9d082acf6e152c06833bb9698f88d688b95e40. Backport of abfdb4d7f384fb06ed9b7ca37b548542df7b5dda from main | |||
| 2022-03-25 | [3.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+. | Mariusz Felisiak | |
| See https://github.com/pallets/jinja/pull/1621. Backport of 1d9d082acf6e152c06833bb9698f88d688b95e40 from main | |||
| 2022-02-02 | [3.2.x] Fixed typo in release notes. | David Smith | |
| Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main. | |||
| 2022-02-01 | [3.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. | Mariusz Felisiak | |
| Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main | |||
| 2022-02-01 | [3.2.x] Post-release version bump. | Mariusz Felisiak | |
| 2022-02-01 | [3.2.x] Bumped version for 3.2.12 release.3.2.12 | Mariusz Felisiak | |
| 2022-02-01 | [3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. | Mariusz Felisiak | |
| Thanks Alan Ryan for the report and initial patch. Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main. | |||
| 2022-02-01 | [3.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. | Markus Holtermann | |
| Thanks Keryn Knight for the report. Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2022-01-25 | [3.2.x] Added stub release notes for 3.2.12 and 2.2.27. | Mariusz Felisiak | |
| Backport of eeca9342381c8583be16f18942774e785ab7e527 from main. | |||
| 2022-01-04 | [3.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security ↵ | Carlton Gibson | |
| archive. Backport of 63869ab1f191ab5781cde8b813b838300455f6d6 from main | |||
| 2022-01-04 | [3.2.x] Post-release version bump. | Carlton Gibson | |
| 2022-01-04 | [3.2.x] Bumped version for 3.2.11 release.3.2.11 | Carlton Gibson | |
| 2022-01-04 | [3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage ↵ | Florian Apolloner | |
| subsystem. Thanks to Dennis Brinkrolf for the report. | |||
| 2022-01-04 | [3.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in ↵ | Florian Apolloner | |
| dictsort template filter. Thanks to Dennis Brinkrolf for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2022-01-04 | [3.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in ↵ | Florian Apolloner | |
| UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2021-12-28 | [3.2.x] Added stub release notes for 3.2.11, and 2.2.26 releases. | Carlton Gibson | |
| Backport of b13d920b7b56d3e088e35311f5ee54f25d2779af from main. | |||
| 2021-12-15 | [3.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in ↵ | Mariusz Felisiak | |
| Django 2.2.25, 3.1.14, and 3.2.10. Follow up to d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6. Backport of 5de12a369a7b2231e668e0460c551c504718dbf6 from main | |||
| 2021-12-07 | [3.2.x] Added CVE-2021-44420 to security archive. | Mariusz Felisiak | |
| Backport of 8747052411275d290b2152ffcb8dee11afbb82cd from main | |||
| 2021-12-07 | [3.2.x] Post-release version bump. | Mariusz Felisiak | |
| 2021-12-07 | [3.2.x] Bumped version for 3.2.10 release.3.2.10 | Mariusz Felisiak | |
