summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-02-14[4.0.x] Bumped version for 4.0.10 release.4.0.10Carlton Gibson
2023-02-07[4.0.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.Markus Holtermann
Thanks to Jakob Ackermann for the report.
2023-02-07[4.0.x] Added stub release notes for 4.0.10 and 3.2.18.Carlton Gibson
Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
2023-02-02[4.0.x] Fixed thread termination in servers.tests.LiveServerPort on Python < ↵Mariusz Felisiak
3.10.9. TestCase.doClassCleanups() cannot be called on Python < 3.10.9 because setUpClass()/tearDownClass() are called multiple times in LiveServerTestCase tests (refs #27079).
2023-02-02[4.0.x] Fixed thread termination in servers.tests.LiveServerPort on Python ↵Mariusz Felisiak
3.10.9+. Class cleanups registered in TestCase subclasses are no longer called as TestCase.doClassCleanups() only cleans up the particular class, see https://github.com/python/cpython/commit/c2102136be569e6fc8ed90181f229b46d07142f8 Backport of d02a9f0cee84e3d23f676bdf2ab6aadbf4a5bfe8 from main.
2023-02-01[4.0.x] Added CVE-2023-23969 to security archive.Mariusz Felisiak
Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main
2023-02-01[4.0.x] Ignored e565a5cd187197a6349e55d7a4c68a9e12e2fd20 formatting changes ↵Mariusz Felisiak
in git blame.
2023-02-01[4.0.x] Refs #33476 -- Applied Black's 2023 stable style.David Smith
Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 Backport of 097e3a70c1481ee7b042b2edd91b2be86fb7b5b6 from main.
2023-02-01[4.0.x] Post-release version bump.Mariusz Felisiak
2023-02-01[4.0.x] Bumped version for 4.0.9 release.4.0.9Mariusz Felisiak
2023-02-01[4.0.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for ↵Nick Pope
Accept-Language. The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Accept-Language headers are now limited to a maximum length in order to avoid this issue.
2023-01-31[4.0.x] Fixed E501 flake8 error.Mariusz Felisiak
2023-01-31[4.0.x] Fixed inspectdb.tests.InspectDBTestCase.test_custom_fields() on ↵Mariusz Felisiak
SQLite 3.37+. Use FlexibleFieldLookupDict which is case-insensitive mapping because SQLite 3.37+ returns some data type names upper-cased e.g. TEXT. Backport of 974e3b8750fe96c16c9c0b115a72ee4a2171df34 from main.
2023-01-31[4.0.x] Bumped versions in pre-commit and npm configurations.Mariusz Felisiak
Backport of f825536b5e09b3a047fec0c10aabd91bace0995c from main.
2023-01-31[4.0.x] Added packaging tools to GitHub actions.Mariusz Felisiak
Backport of fbacaa58ffc5a62456ee68b90efa13957f761ce4 from main.
2023-01-31[4.0.x] Used GitHub actions for Windows tests.Tom Forbes
Backport of f97401d1b184406d2e24f11eddbdaca8bbc360e3 from main
2023-01-31[4.0.x] Skipped GitHub actions for linters and JavaScript tests on purely ↵Mariusz Felisiak
doc changes. Backport of 48924966e275670623bd7e33e9089f895f6a3110 from main
2023-01-25[4.0.x] Adjusted release notes for 4.0.9, and 3.2.17.Carlton Gibson
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main
2023-01-25[4.0.x] Added stub release notes for 4.0.9 and 3.2.17.Carlton Gibson
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
2023-01-25[4.0.x] Corrected passenv value for tox 4.0.6+.Stephen
Backport of 34b328814976a2e2f7907361a494202763649f3f from main
2022-12-29[4.0.x] Disabled auto-created table of contents entries on Sphinx 5.2+.Mariusz Felisiak
Auto-created table of contents entries for all domain objects (e.g. functions, classes, attributes, etc.) were added in Sphinx 5.2, see https://github.com/sphinx-doc/sphinx/issues/6316. An option to control new table of contents entries was added in Sphinx 5.2.3, see https://github.com/sphinx-doc/sphinx/pull/10886. Backport of 279967ec859a9a5240318cf29a077539b0e3139f from main
2022-11-22[4.0.x] Bumped gh-problem-matcher-wrap version to 2.0.0.Mariusz Felisiak
This avoids issues with using deprecated Node.js 12 actions. Backport of 744a1af7f943106e30d538e6ace55c2c66ccd791 from main.
2022-10-29[4.0.x] Removed obsolete doc reference to asyncio.iscoroutinefunction.Nick Pope
Backport of 970f61fefb148284fb2af63b5cc844279254111a from main
2022-10-20[4.0.x] Skipped scrypt tests when OpenSSL 1.1+ is not installed.HieuPham9720
Backport of 3e928de8add92a5f38a562abd7560b023d24b6af from main
2022-10-04[4.0.x] Added CVE-2022-36359 to security archive.Carlton Gibson
Backport of 93d4c9ea1de24eb391cb2b3561b6703fd46374df from main
2022-10-04[4.0.x] Post-release version bump.Carlton Gibson
2022-10-04[4.0.x] Bumped version for 4.0.8 release.4.0.8Carlton Gibson
2022-09-27[4.0.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as ↵Adam Johnson
regular expressions. Thanks to Benjamin Balder Bach for the report.
2022-09-27[4.0.x] Set date and added stub notes for 4.0.8 and 3.2.16 releases.Carlton Gibson
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main.
2022-08-03[4.0.x] Added CVE-2022-36359 to security archive.Carlton Gibson
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
2022-08-03[4.0.x] Post-release version bump.Carlton Gibson
2022-08-03[4.0.x] Bumped version for 4.0.7 release.4.0.7Carlton Gibson
2022-08-03[4.0.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header.Carlton Gibson
Thanks to Motoyasu Saburi for the report.
2022-08-03[4.0.x] Adjusted version 4.0.7 release notes.Carlton Gibson
Backport of 9062c23de80e999009cbe4100d83e90dd0463612 from main
2022-08-03[4.0.x] Ignored 080359c4c5242ef69ac8c58c92f240e71121ffd7 formatting changes ↵Mariusz Felisiak
in git blame.
2022-08-03[4.0.x] Fixed warnings per flake8 5.0.0.Mariusz Felisiak
Backport of c18861804feb6a97afbeabb51be748dd60a04458 from main.
2022-08-01[4.0.x] Fixed collation tests on MySQL 8.0.30+.Mariusz Felisiak
The utf8_ collations are renamed to utf8mb3_* on MySQL 8.0.30+. Backport of 88dba2e3fd64b64bcf4fae83b256b4f6f492558f from main
2022-07-27[4.0.x] Adjusted release notes for 4.0.7 and 3.2.15.Carlton Gibson
Backport of cadd864f6878c1c02a014589876ece166befdeb3 from main
2022-07-27[4.0.x] Added release date and stub release notes for 4.0.7 and 3.2.15 releases.Carlton Gibson
Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main
2022-07-26[4.0.x] Fixed #33820 -- Doc'd "true"/"false"/"null" caveat for JSONField key ↵Mariusz Felisiak
transforms on SQLite. Thanks Johnny Metz for the report. Regression in 71ec102b01fcc85acae3819426a4e02ef423b0fa. Backport of e20e5d1557785ba71e8ef0ceb8ccb85bdc13840a from main
2022-07-05[4.0.x] Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ with ↵Mariusz Felisiak
MyISAM storage engine. Backport of 73766c118781a7f7052bf0a5fbee38b944964e31 from main
2022-07-04[4.0.x] Added CVE-2022-34265 to security archive.Mariusz Felisiak
Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main
2022-07-04[4.0.x] Added stub release notes for 4.0.7.Mariusz Felisiak
Backport of c6932ea2ea7ec431245b9a343c72318bb758072f from main
2022-07-04[4.0.x] Post-release version bump.Mariusz Felisiak
2022-07-04[4.0.x] Bumped version for 4.0.6 release.4.0.6Mariusz Felisiak
2022-07-04[4.0.x] Updated man page for Django 4.0.6.Mariusz Felisiak
2022-07-04[4.0.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) ↵Mariusz Felisiak
against SQL injection. Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-07-02[4.0.x] Fixed typo in docs/topics/signals.txt.Aristotelis Mikropoulos
Backport of 5eb6a2b33d70b9889e1cafa12594ad6f80773d3a from main
2022-07-01[4.0.x] Fixed GEOSTest.test_emptyCollections() on GEOS 3.8.0.Mariusz Felisiak
It's a regression in GEOS 3.8.0 fixed in GEOS 3.8.1. Backport of 863aa7541d30247e7eb7a973ff68a7d36f16dc02 from main
2022-06-27[4.0.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+.Mariusz Felisiak
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set of nodes for which the text is checked. Backport of ac90529cc58507d9a07610809a795ec5fc3cbf8c from main.