| Age | Commit message | Author |
|
|
dictionary expansion.
Backport of 3c3f46357718166069948625354b8315a8505262 from main.
|
|
the _connector kwarg.
Thanks cyberstan for the report, Sarah Boyce, Adam Johnson, Simon
Charette, and Jake Howard for the reviews.
Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main.
|
|
HttpResponseRedirect/HttpResponsePermanentRedirect on Windows.
Thanks Seokchan Yoon for the report, Markus Holtermann for the
triage, and Jake Howard for the review.
Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main.
|
|
Python < 3.10.
Regression in 321af4877b62be6849f44e00d1c7e75928e7d3a2.
|
|
Backport of ab108bf94dfc06c311d7dc81866b848fe5b5ee6c from main.
|
|
with tblib 3.2+.
tblib 3.2+ makes exception subclasses with __init__() and the default
__reduce__() picklable. This broke the test for
RemoteTestResult._confirm_picklable(), which expects a specific
exception to fail unpickling.
https://github.com/ionelmc/python-tblib/blob/master/CHANGELOG.rst#320-2025-10-21
This fix defines ExceptionThatFailsUnpickling.__reduce__() in a way
that pickle.dumps(obj) succeeds, but pickle.loads(pickle.dumps(obj))
raises TypeError.
Refs #27301. This preserves the intent of the regression test from
52188a5ca6bafea0a66f17baacb315d61c7b99cd without skipping it.
Backport of 548209e620b3ca34396a360453f07c8dbb8aa6c7 from main.
|
|
Oracle and GEOS 3.12+.
Backport of 344ae16e1e21ab7c0b594d755519738f7f16eaf1 from main
|
|
Backport of 1499c95d990fb776c39ad60e43228cbbbfcad3a8 from main.
|
|
Backport of 43d84aef04a9e71164c21a74885996981857e66e from main.
|
|
via archive.extract().
Thanks stackered for the report.
Follow up to 05413afa8c18cdb978fcdf470e09f7a12b234a23.
Backport of 924a0c092e65fa2d0953fd1855d2dc8786d94de2 from main.
|
|
aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB.
Thanks sw0rd1ight for the report.
Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200.
Backport of 41b43c74bda19753c757036673ea9db74acf494a from main.
|
|
Backport of 00174507f8a91e9577ae233c58af561b379f2695 from main.
|
|
Backport of 686a8a62ae7faba9c3b17080c3532b821e8cb1f3 from main
|
|
Backport of f0c05a40d27d69ef3a7b4e5e0199b5dba5b11feb from main.
|
|
injection in column aliases.
Thanks Eyal Gabay (EyalSec) for the report.
Backport of 51711717098d3f469f795dfa6bc3758b24f69ef7 from main.
|
|
Backport of 4c71e334401a3e83c013419d0e2211543e7e873b from main.
|
|
utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python's HTMLParser new behavior.
Python fixed a quadratic complexity processing for HTMLParser in:
https://github.com/python/cpython/commit/6eb6c5db.
Backport of 2980627502c84a9fd09272e1349dc574a2ff1fb1 from main.
|
|
Python's HTMLParser fixed parsing.
Further details about Python changes can be found in:
https://github.com/python/cpython/commit/0243f97cbadec8d985e63b1daec5d1cbc850cae3.
Refs #36499. Thank you Clifford Gama for the thorough review!
Backport of e4515dad7a6d953c0bd2414127ba36e1446ff41a from main.
|
|
Backport of 9d9b3bc71702e4bd4b7f8e1602d83fd69f871e94 from stable/5.1.x.
|
|
correctly.
Backport of 8499fba0e18826a77fe32cbc13a3d951d9ca8924 from main.
|
|
Backport of 10386fac00be55e73279459f00f1959c3ef30a1c from main.
|
|
Backport of 2714bc3f2c8675d32caae764c874ac381c836c7f from main.
|
|
logging.
Migrated remaining response-related logging to use the `log_response()`
helper to avoid potential log injection, to ensure untrusted values like
request paths are safely escaped.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of 957951755259b412d5113333b32bf85871d29814 from main.
|
|
log_response() for consistency.
Backport of ff835f439cb1ecd8d74a24de12e3c03e5477dc9d from main.
|
|
Backport of 9d72e7daf7299ef1ece56fd657a02f77a469efe9 from main.
|
|
Backport of 51923c576a596ad00214e44028f9dee9748bce95 from main.
|
|
`log_response()`.
Suitably crafted requests containing a CRLF sequence in the request
path may have allowed log injection, potentially corrupting log files,
obscuring other attacks, misleading log post-processing tools, or
forging log entries.
To mitigate this, all positional formatting arguments passed to the
logger are now escaped using "unicode_escape" encoding.
Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report.
Co-authored-by: Carlton Gibson <carlton@noumenal.es>
Co-authored-by: Jake Howard <git@theorangeone.net>
Backport of a07ebec5591e233d8bbb38b7d63f35c5479eef0e from main.
|
|
Backport of 1a744343999c9646912cee76ba0a2fa6ef5e6240 from main.
|
|
apps tutorial for PEP 625.
Backport of 1307b8a1cb05762147736d0f347792b33f645390 from main.
|
|
`log_response()`.
Backport of ad6f99889838ccc2c30b3c02ed3868c9b565e81b from main.
|
|
Backport of 897046815944cc9a2da7ed9e8082f45ffe8110e3 from main.
|
|
filenames.
Backport of 42ab99309d347f617d60751c2e8d627fb2963049 from main.
|
|
Backport of c86156378db09e68db3a9ae1c108f661a67e3abe from main.
|
|
Backport of 37f2a77c729ccb71059c8e66c49b07499d2edf60 from main.
|
|
Backport of fdabda4e05587347aeb3382a442d7e77c1a0c3e5 from main.
|
|
Thanks to Elias Myllymäki for the report, and Shai Berger and Jake
Howard for the reviews.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of 9f3419b519799d69f2aba70b9d25abe2e70d03e0 from main.
|
|
apps docs.
Backport of f71bcc001bb3324020cfd756e84d4e9c6bb98cce from main.
|
|
pyproject.toml.
|