Age | Commit message | Author
2024-08-07 | [5.1.x] Bumped version for 5.1 release. (tag: 5.1) | Natalia
2024-08-07 | [5.1.x] Finalized release notes for Django 5.1. | Natalia
Backport of 8ad6dc636bd29825937e02b5b689fb278f456f63 from main.
2024-08-07 | [5.1.x] Fixed i18n.tests.TranslationTests.test_plural to use correct French translation. | Natalia
2024-08-07 | [5.1.x] Updated translations from Transifex. | Natalia
2024-08-06 | [5.1.x] Added CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005 to security archive. | Sarah Boyce
Backport of fdc638bf4a35b5497d0b3b4faedaf552da792f99 from main.
2024-08-06 | [5.1.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields. | Simon Charette
Thanks Eyal (eyalgabay) for the report.
2024-08-06 | [5.1.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget. | Mariusz Felisiak
Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-06 | [5.1.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters. | Sarah Boyce
Thanks to MProgrammer for the report.
2024-08-06 | [5.1.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat. | Sarah Boyce
Thanks Elias Myllymäki for the report. Co-authored-by: Shai Berger <shai@platonix.com>
2024-08-05 | [5.1.x] Fixed #35657 -- Made FileField handle db_default values. | Sarah Boyce
Backport of 8deb6bb1fc427762d56646bf7306cbd11fb5bb68 from main.
2024-08-05 | [5.1.x] Fixed #35638 -- Updated validate_constraints to consider db_default. | David Sanders
Backport of 509763c79952cde02d9f5b584af4278bdbed77b2 from main.
2024-08-05 | [5.1.x] Refs #35638 -- Avoided wrapping expressions with Value in _get_field_value_map() and renamed to _get_field_expression_map(). | David Sanders
Backport of 91a038754bb516d29cb79f0fed4025436b5c5346 from main.
2024-08-05 | [5.1.x] Used :pypi: role in docs where appropriate. | Mariusz Felisiak
Backport of 304d25667433a59409e334a93acaaa9201840508 from main.
2024-08-05 | [5.1.x] Fixed #35628 -- Allowed compatible GeneratedFields for ModelAdmin.date_hierarchy. | John Parton
Backport of 7f8d839722b72aeb3ec5a4278ae57c18283acacd from main.
2024-08-05 | [5.1.x] Refs #35380 -- Updated screenshots in admin docs. | Natalia
Backport of 90adba85b29230acfe354bffd82bc0d3a4d63c9d from main.
2024-08-05 | [5.1.x] Refs #35380 -- Updated screenshots in intro docs. | Natalia
Backport of fb6050e7845fe1a5fa131708be65ad89a31a2633 from main.
2024-08-05 | [5.1.x] Fixed #35645, Refs #35558 -- Added "medium" color in the admin CSS to improve accessibility of headings. | Natalia
Backport of 6e66c77089fa5498066d2aa593979e4f76f5bedc from main.
2024-08-03 | [5.1.x] Fixed #35655 -- Reverted "Fixed #35295 -- Used INSERT with multiple rows on Oracle 23c." | Sarah Boyce
This reverts commit 175b04942afaff978013db61495f3b39ea12989b due to a crash when Oracle > 23.3. Backport of 5424151f96252e1289e9a6f7eb842cd1dc87850a from main.
2024-08-02 | [5.1.x] Fixed #35643 -- Fixed a crash when ordering a QuerySet by a reference containing "__". | Simon Charette
Regression in b0ad41198b3e333f57351e3fce5a1fb47f23f376. Refs #34013. The initial logic did not consider that annotation aliases can include lookup or transform separators. Thanks Gert Van Gool for the report and Mariusz Felisiak for the review. Backport of a16f13a8661297eda12c4177bb01fa2e5b5ccc56 from main.
2024-07-31 | [5.1.x] Added stub release notes and release date for 5.0.8 and 4.2.15. | Sarah Boyce
Backport of 3f880890699d4412cf23b59dba425111f62afb3a from main.
2024-07-26 | [5.1.x] Added missing skips in constraint tests. | Tim Graham
Backport of b6ad8b687adf011245270df17a38c1a42792e3d7 from main.
2024-07-25 | [5.1.x] Added dedicated test for invalid inputs in floatformat template filter tests. | nessita
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> Backport of 1b277b45cc4059760072095f3bd6e8a4e4c4d406 from main.
2024-07-25 | [5.1.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant(). | Lorenzo Peña
LocaleMiddleware didn't handle the ValueError raised by get_supported_language_variant() when language codes were over 500 characters. Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb. Backport of 0e94f292cda632153f2b3d9a9037eb0141ae9c2e from main.
2024-07-25 | [5.1.x] Added contributor guidelines for performance optimizations. | Sarah Boyce
Backport of 2c024c9ac096d06d9e78d1ae02b52f73a45eadf8 from main.
2024-07-25 | [5.1.x] Fixed #35625 -- Fixed a crash when adding a field with db_default and check constraint. | Simon Charette
This is the exact same issue as refs #30408 but for creating a model with a constraint containing % escapes instead of column addition. All of these issues stem from a lack of SQL and parameters separation from the BaseConstraint DDL generating methods preventing them from being mixed with other parts of the schema alteration logic that do make use of parametrization on some backends (e.g. Postgres, MySQL for DEFAULT). Prior to the addition of Field.db_default and GeneratedField in 5.0 parametrization of DDL was never exercised on model creation so this is effectively a bug with db_default as the GeneratedField case was addressed by refs #35336. Thanks Julien Chaumont for the report and Mariusz Felisiak for the review. Backport of f359990e4909db8722820849d61a6f5724338723 from main.
2024-07-24 | [5.1.x] Bumped version for 5.1 release candidate 1. (tag: 5.1rc1) | Natalia
2024-07-24 | [5.1.x] Fixed #35604, Refs #35326 -- Made FileSystemStorage.exists() behaviour independent from allow_overwrite. | Sarah Boyce
Partially reverts 0b33a3abc2ca7d68a24f6d0772bc2b9fa603744e. Storage.exists(name) was documented to "return False if the name is available for a new file." but return True if the file exists. This is ambiguous in the overwrite file case. It will now always return whether the file exists. Thank you to Natalia Bidart and Josh Schneier for the review. Backport of 8d6a20b656ff3fa18e36954668a44a831c2f6ddd from main.
2024-07-24 | [5.1.x] Updated asgiref dependency for 5.1 release series. | Mariusz Felisiak
Backport of df35cf578f99522dd1ba864d513be95d47bab7a5 from main.
2024-07-23 | [5.1.x] Updated example links in urlize docs. | Matthew Somerville
goo.gl links are being removed in 2025: https://developers.googleblog.com/en/google-url-shortener-links-will-no-longer-be-available/ Backport of fb7be022cb44d8faec52f17042fa58e4c9f02daf from main.
2024-07-22 | [5.1.x] Refs #10941 -- Reorganized querystring template tag docs. | nessita
Backport of cf03aa4e94625971852a09e869f7ee7c328b573f from main.
2024-07-18 | [5.1.x] Fixed #35603 -- Prevented F.__contains__() from hanging. | Simon Charette
Regression in 94b6f101f7dc363a8e71593570b17527dbb9f77f. Backport of 6b3f55446fdc62bd277903fd188a1781e4d92d29 from main.
2024-07-18 | [5.1.x] Fixed #35606, Refs #34045 -- Fixed rendering of ModelAdmin.action_checkbox for models with a __html__ method. | Hisham Mahmood
Thank you Claude Paroz for the report. Regression in 85366fbca723c9b37d0ac9db1d44e3f1cb188db2. Backport of 182f262b15882649bbc39d769f9b721cf3660f6f from main.
2024-07-17 | [5.1.x] Fixed #35594 -- Added unique nulls distinct validation for expressions. | Simon Charette
Thanks Mark Gensler for the report. Backport of adc0b6aac3f8a5c96e1ca282bc9f46e28d20281c from main.
2024-07-17 | [5.1.x] Refs #30581 -- Made unattached UniqueConstraint(fields) validation testable. | Simon Charette
The logic allowing UniqueConstraint(fields).validate to preserve backward compatibility with Model.unique_error_message failed to account for cases where the constraint might not be attached to a model which is a common pattern during testing. This change allows for arbitrary UniqueConstraint(fields) to be tested in isolation without requiring actual models backing them up. Co-authored-by: Mark G <mark.gensler@protonmail.com> Backport of 13922580cccfb9ab2922ff4943dd39da56dfbd8c from main.
2024-07-16 | [5.1.x] Refs #10941 -- Renamed test file test_query_string.py to test_querystring.py. | nessita
This follows previous renames made in 27043bde5b795eb4a605aeca1d3bc4345d2ca478. Backport of 5dc17177c38662d6f4408258ee117cd80e0cb933 from main.
2024-07-15 | [5.1.x] Refs #10941 -- Renamed query_string template tag to querystring. | Sarah Boyce
Backport of 27043bde5b795eb4a605aeca1d3bc4345d2ca478 from main.
2024-07-15 | [5.1.x] Fixed #35464 -- Updated docs to note fieldsets have limited impact on TabularInlines. | Maryam Yusuf
Backport of b5f4d76bc400b9f2017da0a52ee4ff0d7c09be15 from main.
2024-07-15 | [5.1.x] Refs #35560 -- Corrected required feature flags in GeneratedModelUniqueConstraint. | Mariusz Felisiak
Backport of 2d3bb414cfb2778cc64f22e7203102d7389f81e6 from main.
2024-07-09 | [5.1.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614 to security archive. | Natalia
Backport of e095c7612d49dbe371e9c7edd76ba99b6bc4f9f6 from main.
2024-07-09 | [5.1.x] Added stub release notes for 5.0.8. | Natalia
Backport of 9c356144d7d212017c85ec2cbf8f2dfca4cacdff from main.
2024-07-09 | [5.1.x] Made cosmetic edits to 5.0.7 release notes. | Natalia
Backport of 1062bf730235ecc90f2087f1c2d346615377a006 from main.
2024-07-09 | [5.1.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant(). | Sarah Boyce
Language codes are now parsed with a maximum length limit of 500 chars. Thanks to MProgrammer for the report.
2024-07-09 | [5.1.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method. | Natalia
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah Boyce for the reviews.
2024-07-09 | [5.1.x] Fixed CVE-2024-39329 -- Standardized timing of verify_password() when checking unusable passwords. | Michael Manfre
Refs #20760. Thanks Michael Manfre for the fix and to Adam Johnson for the review.
2024-07-09 | [5.1.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters. | Adam Johnson
Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-08 | Added counterintuitive to the spelling wordlist to fix docs build error. | Natalia
This is a follow up of 3b5d04f879f6d3d8ff7f5d82b4a7c801b71b2fd0 which backported 704192e478885762411252979021771ba23b8adb from main.
2024-07-08 | [5.1.x] Fixed 35506 -- Clarified initial references to URLconf in tutorial 1. | lucas-r-oliveira
Backport of 2c931fda5b341e0febf68269d2c2447a64875127 from main.
2024-07-04 | [5.1.x] Removed outdated note about limitations in Clickjacking protection. | Mariusz Felisiak
There is no need to list old browser versions or point users to workarounds. Backport of f302343380c77e1eb5dab3b64dd70895a95926ca from main.
2024-07-04 | [5.1.x] Replaced usage of "patch" with more precise terms in contributing docs. | Andreu Vallbona
Backport of 55a2e3136b13d1af95a4129001dac963c26d8415 from main.
2024-07-04 | [5.1.x] Relocated database setup details to install docs to simplify tutorial 2. | Kudz
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of 82c71f0168b1c132e499505609d285c6016ed4f2 from main.