summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-02-06[3.2.x] Bumped version for 3.2.24 release.3.2.24Natalia
2024-02-06[3.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template ↵Adam Johnson
filter. Thanks Seokchan Yoon for the report. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Co-authored-by: Shai Berger <shai@platonix.com>
2024-01-29[3.2.x] Added stub release notes 3.2.24.Natalia
Backport of 06d0a1bd56a9899c351ca047a05813e8dd6a4e17 from main
2024-01-11[3.2.x] Fixed documented alias of smart_text().Denys Halenok
2023-12-27[3.2.x] Pinned python-memcached == 1.59 in test requirements.Mariusz Felisiak
python-memcached 1.60 made breaking changes, e.g. _deletetouch() has been removed.
2023-11-01[3.2.x] Added CVE-2023-46695 to security archive.Mariusz Felisiak
Backport of 7caf2621833a45cdfe7e6e305e4885ecc8d79744 from main
2023-11-01[3.2.x] Post-release version bump.Mariusz Felisiak
2023-11-01[3.2.x] Bumped version for 3.2.23 release.3.2.23Mariusz Felisiak
2023-11-01[3.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.Mariusz Felisiak
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2023-10-25[3.2.x] Added stub release notes for 3.2.23.Mariusz Felisiak
Backport of fdd1323b9c83e56184e0c992af8faf8d54327775 from main.
2023-10-04[3.2.x] Added CVE-2023-43665 to security archive.Natalia
Backport of 4e790271e3e65c9ad037b347a34fa95e11982228 from main
2023-10-04[3.2.x] Post release version bump.Natalia
2023-10-04[3.2.x] Bumped version for 3.2.22 release.3.2.22Natalia
2023-10-04[3.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in ↵Natalia
django.utils.text.Truncator when truncating HTML text. Thanks Wenchao Li of Alibaba Group for the report.
2023-09-27[3.2.x] Added stub release notes for 3.2.22.Natalia
Backport of 24f1a38b37c0af3a5ce0dd7b5392fe4e75d7e1dc from main.
2023-09-04[3.2.x] Added CVE-2023-41164 to security archive.Mariusz Felisiak
Backport of 8a98768868a104ea3ce10d8182590bdd095d9ccb from main
2023-09-04[3.2.x] Post-release version bump.Mariusz Felisiak
2023-09-04[3.2.x] Bumped version for 3.2.21 release.3.2.21Mariusz Felisiak
2023-09-04[3.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in ↵Mariusz Felisiak
django.utils.encoding.uri_to_iri(). Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-08-28[3.2.x] Added stub release notes for 3.2.21.Mariusz Felisiak
Backport of 24f1a38b37c0af3a5ce0dd7b5392fe4e75d7e1dc from main.
2023-08-03[3.2.x] Fixed #34756 -- Fixed docs HTML build on Sphinx 7.1+.David Smith
Backport of b3e0170ab546a96930ce3114b0a1a560953c0ff4 from main
2023-07-03[3.2.x] Added CVE-2023-36053 to security archive.Mariusz Felisiak
Backport of 1d6fbf16f24200a556beb6dd197439944deb6837 from main
2023-07-03[3.2.x] Post-release version bump.Mariusz Felisiak
2023-07-03[3.2.x] Bumped version for 3.2.20 release.3.2.20Mariusz Felisiak
2023-07-03[3.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator ↵Mariusz Felisiak
and URLValidator. Thanks Seokchan Yoon for reports.
2023-06-26[3.2.x] Added stub release notes for 3.2.20.Mariusz Felisiak
Backport of 2360ba22742c3ee8729697bfe2d508110465af56 from main
2023-05-04[3.2.x] Fixed MultipleFileFieldTest.test_file_multiple_validation() test if ↵Mariusz Felisiak
Pillow isn't installed. Follow up to fb4c55d9ec4bb812a7fb91fa20510d91645e411b. Backport of fcfbf08abe3e6dc54894df6988024f055abc6c40 from main
2023-05-03[3.2.x] Added CVE-2023-31047 to security archive.Mariusz Felisiak
Backport of 49830025c992fbc8d8f213e7c16dba1391c6adf2 from main
2023-05-03[3.2.x] Post-release version bump.Mariusz Felisiak
2023-05-03[3.2.x] Bumped version for 3.2.19 release.3.2.19Mariusz Felisiak
2023-05-03[3.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of ↵Mariusz Felisiak
validation when uploading multiple files using one form field. Thanks Moataz Al-Sharida and nawaik for reports. Co-authored-by: Shai Berger <shai@platonix.com> Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-04-26[3.2.x] Added missing backticks in docs/releases/1.7.txt.Mariusz Felisiak
2023-04-26[3.2.x] Added stub release notes for 3.2.19.Mariusz Felisiak
Backport of 18a7f2c711529f8e43c36190a5e2479f13899749 from main
2023-02-14[3.2.x] Added CVE-2023-24580 to security archive.Carlton Gibson
Backport of ecafcaf634fcef93f9da8cb12795273dd1c3a576 from main
2023-02-14[3.2.x] Post-release version bump.Carlton Gibson
2023-02-14[3.2.x] Bumped version for 3.2.18 release.3.2.18Carlton Gibson
2023-02-07[3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.Markus Holtermann
Thanks to Jakob Ackermann for the report.
2023-02-07[3.2.x] Added stub release notes for 3.2.18.Carlton Gibson
Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
2023-02-01[3.2.x] Added CVE-2023-23969 to security archive.Mariusz Felisiak
Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main
2023-02-01[3.2.x] Post-release version bump.Mariusz Felisiak
2023-02-01[3.2.x] Bumped version for 3.2.17 release.3.2.17Mariusz Felisiak
2023-02-01[3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for ↵Nick Pope
Accept-Language. The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Accept-Language headers are now limited to a maximum length in order to avoid this issue.
2023-01-31[3.2.x] Fixed inspectdb.tests.InspectDBTestCase.test_custom_fields() on ↵Mariusz Felisiak
SQLite 3.37+. Use FlexibleFieldLookupDict which is case-insensitive mapping because SQLite 3.37+ returns some data type names upper-cased e.g. TEXT. Backport of 974e3b8750fe96c16c9c0b115a72ee4a2171df34 from main
2023-01-31[3.2.x] Removed 'tests' path prefix in a couple tests.Tim Graham
Backport of 694cf458f16b8d340a3195244196980b2dec34fd from main.
2023-01-25[3.2.x] Adjusted release notes for 3.2.17.Carlton Gibson
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main
2023-01-25[3.2.x] Added stub release notes for 3.2.17.Carlton Gibson
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
2023-01-25[3.2.x] Corrected passenv value for tox 4.0.6+.Stephen
Backport of 34b328814976a2e2f7907361a494202763649f3f from main
2022-12-29[3.2.x] Disabled auto-created table of contents entries on Sphinx 5.2+.Mariusz Felisiak
Auto-created table of contents entries for all domain objects (e.g. functions, classes, attributes, etc.) were added in Sphinx 5.2, see https://github.com/sphinx-doc/sphinx/issues/6316. An option to control new table of contents entries was added in Sphinx 5.2.3, see https://github.com/sphinx-doc/sphinx/pull/10886. Backport of 279967ec859a9a5240318cf29a077539b0e3139f from main
2022-10-29[3.2.x] Removed obsolete doc reference to asyncio.iscoroutinefunction.Nick Pope
Backport of 970f61fefb148284fb2af63b5cc844279254111a from main
2022-10-04[3.2.x] Added CVE-2022-36359 to security archive.Carlton Gibson
Backport of 93d4c9ea1de24eb391cb2b3561b6703fd46374df from main