| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-11-01 | [3.2.x] Bumped version for 3.2.23 release.3.2.23 | Mariusz Felisiak | |
| 2023-11-01 | [3.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows. | Mariusz Felisiak | |
| Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. | |||
| 2023-10-25 | [3.2.x] Added stub release notes for 3.2.23. | Mariusz Felisiak | |
| Backport of fdd1323b9c83e56184e0c992af8faf8d54327775 from main. | |||
| 2023-10-04 | [3.2.x] Added CVE-2023-43665 to security archive. | Natalia | |
| Backport of 4e790271e3e65c9ad037b347a34fa95e11982228 from main | |||
| 2023-10-04 | [3.2.x] Post release version bump. | Natalia | |
| 2023-10-04 | [3.2.x] Bumped version for 3.2.22 release.3.2.22 | Natalia | |
| 2023-10-04 | [3.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in ↵ | Natalia | |
| django.utils.text.Truncator when truncating HTML text. Thanks Wenchao Li of Alibaba Group for the report. | |||
| 2023-09-27 | [3.2.x] Added stub release notes for 3.2.22. | Natalia | |
| Backport of 24f1a38b37c0af3a5ce0dd7b5392fe4e75d7e1dc from main. | |||
| 2023-09-04 | [3.2.x] Added CVE-2023-41164 to security archive. | Mariusz Felisiak | |
| Backport of 8a98768868a104ea3ce10d8182590bdd095d9ccb from main | |||
| 2023-09-04 | [3.2.x] Post-release version bump. | Mariusz Felisiak | |
| 2023-09-04 | [3.2.x] Bumped version for 3.2.21 release.3.2.21 | Mariusz Felisiak | |
| 2023-09-04 | [3.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in ↵ | Mariusz Felisiak | |
| django.utils.encoding.uri_to_iri(). Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. Co-authored-by: nessita <124304+nessita@users.noreply.github.com> | |||
| 2023-08-28 | [3.2.x] Added stub release notes for 3.2.21. | Mariusz Felisiak | |
| Backport of 24f1a38b37c0af3a5ce0dd7b5392fe4e75d7e1dc from main. | |||
| 2023-08-03 | [3.2.x] Fixed #34756 -- Fixed docs HTML build on Sphinx 7.1+. | David Smith | |
| Backport of b3e0170ab546a96930ce3114b0a1a560953c0ff4 from main | |||
| 2023-07-03 | [3.2.x] Added CVE-2023-36053 to security archive. | Mariusz Felisiak | |
| Backport of 1d6fbf16f24200a556beb6dd197439944deb6837 from main | |||
| 2023-07-03 | [3.2.x] Post-release version bump. | Mariusz Felisiak | |
| 2023-07-03 | [3.2.x] Bumped version for 3.2.20 release.3.2.20 | Mariusz Felisiak | |
| 2023-07-03 | [3.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator ↵ | Mariusz Felisiak | |
| and URLValidator. Thanks Seokchan Yoon for reports. | |||
| 2023-06-26 | [3.2.x] Added stub release notes for 3.2.20. | Mariusz Felisiak | |
| Backport of 2360ba22742c3ee8729697bfe2d508110465af56 from main | |||
| 2023-05-04 | [3.2.x] Fixed MultipleFileFieldTest.test_file_multiple_validation() test if ↵ | Mariusz Felisiak | |
| Pillow isn't installed. Follow up to fb4c55d9ec4bb812a7fb91fa20510d91645e411b. Backport of fcfbf08abe3e6dc54894df6988024f055abc6c40 from main | |||
| 2023-05-03 | [3.2.x] Added CVE-2023-31047 to security archive. | Mariusz Felisiak | |
| Backport of 49830025c992fbc8d8f213e7c16dba1391c6adf2 from main | |||
| 2023-05-03 | [3.2.x] Post-release version bump. | Mariusz Felisiak | |
| 2023-05-03 | [3.2.x] Bumped version for 3.2.19 release.3.2.19 | Mariusz Felisiak | |
| 2023-05-03 | [3.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of ↵ | Mariusz Felisiak | |
| validation when uploading multiple files using one form field. Thanks Moataz Al-Sharida and nawaik for reports. Co-authored-by: Shai Berger <shai@platonix.com> Co-authored-by: nessita <124304+nessita@users.noreply.github.com> | |||
| 2023-04-26 | [3.2.x] Added missing backticks in docs/releases/1.7.txt. | Mariusz Felisiak | |
| 2023-04-26 | [3.2.x] Added stub release notes for 3.2.19. | Mariusz Felisiak | |
| Backport of 18a7f2c711529f8e43c36190a5e2479f13899749 from main | |||
| 2023-02-14 | [3.2.x] Added CVE-2023-24580 to security archive. | Carlton Gibson | |
| Backport of ecafcaf634fcef93f9da8cb12795273dd1c3a576 from main | |||
| 2023-02-14 | [3.2.x] Post-release version bump. | Carlton Gibson | |
| 2023-02-14 | [3.2.x] Bumped version for 3.2.18 release.3.2.18 | Carlton Gibson | |
| 2023-02-07 | [3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. | Markus Holtermann | |
| Thanks to Jakob Ackermann for the report. | |||
| 2023-02-07 | [3.2.x] Added stub release notes for 3.2.18. | Carlton Gibson | |
| Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main | |||
| 2023-02-01 | [3.2.x] Added CVE-2023-23969 to security archive. | Mariusz Felisiak | |
| Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main | |||
| 2023-02-01 | [3.2.x] Post-release version bump. | Mariusz Felisiak | |
| 2023-02-01 | [3.2.x] Bumped version for 3.2.17 release.3.2.17 | Mariusz Felisiak | |
| 2023-02-01 | [3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for ↵ | Nick Pope | |
| Accept-Language. The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Accept-Language headers are now limited to a maximum length in order to avoid this issue. | |||
| 2023-01-31 | [3.2.x] Fixed inspectdb.tests.InspectDBTestCase.test_custom_fields() on ↵ | Mariusz Felisiak | |
| SQLite 3.37+. Use FlexibleFieldLookupDict which is case-insensitive mapping because SQLite 3.37+ returns some data type names upper-cased e.g. TEXT. Backport of 974e3b8750fe96c16c9c0b115a72ee4a2171df34 from main | |||
| 2023-01-31 | [3.2.x] Removed 'tests' path prefix in a couple tests. | Tim Graham | |
| Backport of 694cf458f16b8d340a3195244196980b2dec34fd from main. | |||
| 2023-01-25 | [3.2.x] Adjusted release notes for 3.2.17. | Carlton Gibson | |
| Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main | |||
| 2023-01-25 | [3.2.x] Added stub release notes for 3.2.17. | Carlton Gibson | |
| Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main | |||
| 2023-01-25 | [3.2.x] Corrected passenv value for tox 4.0.6+. | Stephen | |
| Backport of 34b328814976a2e2f7907361a494202763649f3f from main | |||
| 2022-12-29 | [3.2.x] Disabled auto-created table of contents entries on Sphinx 5.2+. | Mariusz Felisiak | |
| Auto-created table of contents entries for all domain objects (e.g. functions, classes, attributes, etc.) were added in Sphinx 5.2, see https://github.com/sphinx-doc/sphinx/issues/6316. An option to control new table of contents entries was added in Sphinx 5.2.3, see https://github.com/sphinx-doc/sphinx/pull/10886. Backport of 279967ec859a9a5240318cf29a077539b0e3139f from main | |||
| 2022-10-29 | [3.2.x] Removed obsolete doc reference to asyncio.iscoroutinefunction. | Nick Pope | |
| Backport of 970f61fefb148284fb2af63b5cc844279254111a from main | |||
| 2022-10-04 | [3.2.x] Added CVE-2022-36359 to security archive. | Carlton Gibson | |
| Backport of 93d4c9ea1de24eb391cb2b3561b6703fd46374df from main | |||
| 2022-10-04 | [3.2.x] Post-release version bump. | Carlton Gibson | |
| 2022-10-04 | [3.2.x] Bumped version for 3.2.16 release.3.2.16 | Carlton Gibson | |
| 2022-09-27 | [3.2.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as ↵ | Adam Johnson | |
| regular expressions. Thanks to Benjamin Balder Bach for the report. | |||
| 2022-09-27 | [3.2.x] Added stub notes 3.2.16 release. | Carlton Gibson | |
| Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main | |||
| 2022-08-03 | [3.2.x] Added CVE-2022-36359 to security archive. | Carlton Gibson | |
| Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main | |||
| 2022-08-03 | [3.2.x] Post-release version bump. | Carlton Gibson | |
| 2022-08-03 | [3.2.x] Bumped version for 3.2.15 release.3.2.15 | Carlton Gibson | |
