summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2025-07-02[5.2.x] Bumped version for 5.2.4 release.5.2.4Natalia
2025-07-02Fixed AttributeError for enterContext() on Python < 3.11.Natalia
On Jenkins with Python 3.10: Traceback (most recent call last): File "[...]/python3.10/tests/composite_pk/test_filter.py", line 559, in setUp self.enterContext(feature_patch) AttributeError: 'CompositePKFilterTupleLookupFallbackTests' object has no attribute 'enterContext'
2025-06-30[5.2.x] Fixed #36464 -- Fixed "__in" tuple lookup on backends lacking native ↵Simon Charette
support. When native support for tuple lookups is missing in a DB backend, it can be emulated with an EXISTS clause. This is controlled by the backend feature flag "supports_tuple_lookups". The mishandling of subquery right-hand side in `TupleIn` (added to support `CompositePrimaryKey` in Refs #373) was likely missed because the only core backend we test with the feature flag disabled (Oracle < 23.4) supports it natively. Thanks to Nandana Raol for the report, and to Sarah Boyce, Jacob Walls, and Natalia Bidart for reviews. Backport of 192bc7a7be92e20cc250907fb4083df689715679 from main.
2025-06-18[5.2.x] Clarified that only latest dependency versions are valid for ↵Jake Howard
security reports. Backport of bc1bfe12b613334bd625aeb36fd44af96d186c10 from main.
2025-06-17[5.2.x] Added guidance on AI-assisted security reports to ↵nessita
docs/internals/security.txt. Co-authored-by: Shai Berger <shai@platonix.com> Co-authored-by: Mike Edmunds <medmunds@gmail.com> Backport of 0f60102444d8a2cfb662a7b11b3911b52567ee54 from main.
2025-06-16[5.2.x] Fixed #36453 -- Made When.condition resolve with for_save=False.Clifford Gama
Value(None, JSONField()) when used in When.condition incorrectly resolved with for_save=True, resulting in the value being serialized as SQL NULL instead of JSON null. Regression in c1fa3fdd040718356e5a3b9a0fe699d73f47a940. Thanks to Thomas McKay for the report, and to David Sanders and Simon Charettes for the review. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> Backport of 104cbfd44b9eff010daf0ef0e1ce434385855b13 from main.
2025-06-16[5.2.x] Fixed #36447 -- Selected preferred media type based on quality.Jake Howard
When matching which entry in the `Accept` header should be used for a given media type, the specificity matters. However once those are resolved, only the quality matters when selecting preference. Regression in c075508b4de8edf9db553b409f8a8ed2f26ecead. Thank you to Anders Kaseorg for the report. Backport of 12c1557060fc94fe5e1fbddc4578a4e29d38f77c from main.
2025-06-13[5.2.x] Corrected jsonfield fieldlookup references.Sarah Boyce
Backport of 8e2249bc79a74d96f9ad20c89f82a89c78d4b648 from main.
2025-06-12[5.2.x] Fixed #36463 -- Fixed grammar in docs/intro/contributing.txt.Sulove Bista
Backport of e80b33ae4d6f93375b10b2fe50bd6f588f1246ad from main.
2025-06-12[5.2.x] Fixed #36454 -- Fixed typo in docs/intro/tutorial08.txt.ruvilonix
Backport of 87a5ae6c5b55da922e47226e6d54c6d26466a0bd from main.
2025-06-11[5.2.x] Fixed #36425 -- Standardized integer fields descriptions.junghwan16
Backport of 091f66e51aa900f7d7650529621bdc8e4b0dee68 from main.
2025-06-10[5.2.x] Added follow-up to CVE-2025-48432 to security archive.Sarah Boyce
Backport of 2714bc3f2c8675d32caae764c874ac381c836c7f from main.
2025-06-10[5.2.x] Added stub release notes for 5.2.4.Sarah Boyce
Backport of 7fcc7b1a0cc7e7c542b37a094731bbf632636f1f from main.
2025-06-10[5.2.x] Post-release version bump.Sarah Boyce
2025-06-10[5.2.x] Bumped version for 5.2.3 release.5.2.3Sarah Boyce
2025-06-10[5.2.x] Refs #373 -- Doc'd that on_delete is ignored for ForeignObject.Jacob Walls
Backport of 76e1ca77bc9cdfa12df9541c32b75af926dbdfea from main.
2025-06-10[5.2.x] Fixed #36449 -- Fixed field types in example model using ForeignObject.Jacob Walls
Backport of 59427547692b433bef3640a96cc0f6601f57532f from main.
2025-06-10[5.2.x] Refs #36419 -- Fixed BulkUpdateTests.test_json_field_sql_null() ↵Mariusz Felisiak
crash on Oracle. Follow up to c1fa3fdd040718356e5a3b9a0fe699d73f47a940. Backport of f5441e42da691ee2e7aeeb9be70f98e2bce6d17d from main.
2025-06-09[5.2.x] Fixed #36446 -- Restored "q" in internal MediaType.params property.Natalia
The "q" key was removed while addressing ticket #36411. Despite `MediaType.params` is undocumented and considered internal, it was used in third-party projects (Zulip reported breakage), so this work restored the `q` key in `params`. Thanks Anders Kaseorg for the report. Regression in c075508b4de8edf9db553b409f8a8ed2f26ecead. Backport of cf5f36bf903a2854f5e395149cee707115b83744 from main.
2025-06-06[5.2.x] Fixed #36419 -- Ensured for_save was propagated when resolving ↵Clifford Gama
expressions. The for_save flag wasn't properly propagated when resolving expressions, which prevented get_db_prep_save() from being called in some cases. This affected fields like JSONField where None would be saved as JSON null instead of SQL NULL. Regression in 00c690efbc0b10f67924687f24a7b30397bf47d9. Thanks to David Sanders and Simon Charette for reviews. Co-authored-by: Adam Johnson <me@adamj.eu> Backport of c1fa3fdd040718356e5a3b9a0fe699d73f47a940 from main.
2025-06-06[5.2.x] Refs CVE-2025-48432 -- Prevented log injection in remaining response ↵Jake Howard
logging. Migrated remaining response-related logging to use the `log_response()` helper to avoid potential log injection, to ensure untrusted values like request paths are safely escaped. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of 957951755259b412d5113333b32bf85871d29814 from main.
2025-06-06[5.2.x] Refs CVE-2025-48432 -- Made SuspiciousOperation logging use ↵Natalia
log_response() for consistency. Backport of ff835f439cb1ecd8d74a24de12e3c03e5477dc9d from main.
2025-06-06[5.2.x] Refactored logging_tests to reuse assertions for log records.Natalia
Backport of 9d72e7daf7299ef1ece56fd657a02f77a469efe9 from main.
2025-06-06[5.2.x] Updated translations from Transifex.Sarah Boyce
2025-06-05[5.2.x] Improved "fetch" translations helper to restrict the resulting set ↵Natalia
by date. Backport of e715b07cf32f9d913f10efe87db7b4b0d793237a from main.
2025-06-04[5.2.x] Added CVE-2025-48432 to security archive.Natalia
Backport of 51923c576a596ad00214e44028f9dee9748bce95 from main.
2025-06-04[5.2.x] Added stub release notes for 5.2.3.Natalia
Backport of 1f19c36e2d57607b82476cc90bc881ac2586d2d5 from main.
2025-06-04[5.2.x] Post-release version bump.Natalia
2025-06-04[5.2.x] Bumped version for 5.2.2 release.5.2.2Natalia
2025-06-04[5.2.x] Fixed CVE-2025-48432 -- Escaped formatting arguments in ↵Natalia
`log_response()`. Suitably crafted requests containing a CRLF sequence in the request path may have allowed log injection, potentially corrupting log files, obscuring other attacks, misleading log post-processing tools, or forging log entries. To mitigate this, all positional formatting arguments passed to the logger are now escaped using "unicode_escape" encoding. Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report. Co-authored-by: Carlton Gibson <carlton@noumenal.es> Co-authored-by: Jake Howard <git@theorangeone.net> Backport of a07ebec5591e233d8bbb38b7d63f35c5479eef0e from main.
2025-06-04[5.2.x] Fixed #36432 -- Fixed a prefetch_related crash on related target ↵Simon Charette
subclass queryset. Regression in 626d77e52a3f247358514bcf51c761283968099c. Refs #36116. Thanks Cornelis Poppema for the excellent report. Backport of 08187c94ed02c45ad40a32244dedeaa7ac71ca87 from main.
2025-06-03[5.2.x] Fixed #36411 -- Made HttpRequest.get_preferred_type() consider media ↵Jake Howard
type parameters. HttpRequest.get_preferred_type() did not account for parameters in Accept header media types (e.g., "text/vcard; version=3.0"). This caused incorrect content negotiation when multiple types differed only by parameters, reducing specificity as per RFC 7231 section 5.3.2 (https://datatracker.ietf.org/doc/html/rfc7231.html#section-5.3.2). This fix updates get_preferred_type() to treat media types with parameters as distinct, allowing more precise and standards-compliant matching. Thanks to magicfelix for the report, and to David Sanders and Sarah Boyce for the reviews. Backport of c075508b4de8edf9db553b409f8a8ed2f26ecead from main.
2025-06-03[5.2.x] Fixed #36416 -- Made QuerySet.in_bulk() account for composite pks in ↵Jacob Walls
id_list. Backport of 26313bc21932d0d3af278ab387549d63b1f64575 from main.
2025-06-02[5.2.x] Fixed #36423 -- Prevented filter_horizontal buttons from ↵Blayze
intercepting form submission. In the admin's filter_horizontal widget, optional action buttons like "Choose all", "Remove all", etc. were changed from `<a>` to `<button>` elements in #34619, but without specifying `type="button"`. As a result, when pressing Enter while focused on a form input, these buttons could be triggered and intercept form submission. Explicitly set `type="button"` on these control buttons to prevent them from acting as submit buttons. Thanks Antoliny Lee for the quick triage and review. Regression in 857b1048d53ebf5fc5581c110e85c212b81ca83a. Backport of 90429625a85f1f77dfea200c91bd2dabab57974f from main.
2025-05-28[5.2.x] Added stub release notes and release date for 5.2.2, 5.1.10, and 4.2.22.Natalia
Backport of 1a744343999c9646912cee76ba0a2fa6ef5e6240 from main.
2025-05-26[5.2.x] Fixed #36402, Refs #35980 -- Updated built package name in reusable ↵Jason Judkins
apps tutorial for PEP 625. Backport of 1307b8a1cb05762147736d0f347792b33f645390 from main.
2025-05-23[5.2.x] Fixed #36405 -- Fixed OrderableAggMixin.order_by using OuterRef.Adam Johnson
co-authored-by: Simon Charette <charette.s@gmail.com> Backport of c2615a050036eda0bca090c707191076220cee9f from main.
2025-05-23[5.2.x] Fixed #36404 -- Fixed Aggregate.filter using OuterRef.Adam Johnson
Regression in a76035e925ff4e6d8676c65cb135c74b993b1039. Thank you to Simon Charette for the review. co-authored-by: Simon Charette <charette.s@gmail.com> Backport of b8e5a8a9a2a767f584cbe89a878a42363706f939 from main.
2025-05-23[5.2.x] Fixed typo in docs/ref/forms/renderers.txt.Adam Zapletal
Backport of d2732c30af28381f5a2ff1b08f754eeb7a6dfeca from main.
2025-05-23[5.2.x] Fixed #36390 -- Deprecated RemoteUserMiddleware subclasses missing ↵Sarah Boyce
aprocess_request(). Regression in 50f89ae850f6b4e35819fe725a08c7e579bfd099. Thank you to shamoon for the report and Natalia Bidart for the review. Backport of 1704c49a9b149b66b6a0e67abc8c95293bc35649 from main.
2025-05-22[5.2.x] Added helpers in csrf_tests and logging_tests to assert logs from ↵Natalia
`log_response()`. Backport of ad6f99889838ccc2c30b3c02ed3868c9b565e81b from main.
2025-05-22[5.2.x] Refs #26688 -- Added tests for `log_response()` internal helper.Natalia
Backport of 897046815944cc9a2da7ed9e8082f45ffe8110e3 from main.
2025-05-19[5.2.x] Fixed #36388 -- Made QuerySet.union() return self when called with ↵Colleen Dunlap
no arguments. Regression in 9cb8baa0c4fa2c10789c5c8b65f4465932d4d172. Thank you to Antoine Humeau for the report and Simon Charette for the review. Backport of 802baf5da5b8d8b44990a8214a43b951e7ab8b39 from main.
2025-05-16[5.2.x] Fixed #36392 -- Raised ValueError when subquery referencing ↵Jacob Walls
composite pk selects too many columns. Backport of 994dc6d8a1bae717baa236b65e11cf91ce181c53 from main.
2025-05-15[5.2.x] Added missing import in docs/ref/contrib/admin/index.txt.antoliny0919
Backport of a79c411147800a60169ea943545686cd9261cdc5 from main.
2025-05-15[5.2.x] Fixed incorrect spacing in docs/ref/contrib/postgres/fields.txt.Jacob Walls
Backport of e52100a2508ecbb105926128ce80f4ef04bb3c95 from main.
2025-05-13[5.2.x] Updated guidance to propose new feature ideas in contributing docs.Lily Foote
These changes include: * Clarification of the new feature proposal and evaluation process. * Reodering "points to consider" into reporting bugs section, since these are mostly trac-specific. * Narrowing the guide on user interface bugs and features to just bugs. * Updating documentation for Someday/Maybe triage stage. Co-authored-by: Tim Schilling <schilling711@gmail.com> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of 188799e67c2c497419f448359775930c866fe28d from main.
2025-05-12[5.2.x] Fixed #36373 -- Fixed select_related() crash on foreign object for a ↵Simon Charette
composite pk. Thanks Jacob Walls for the report and Sarah for the in-depth review. Backport of 8be0c0d6901669661fca578f474cd51cd284d35a from main.
2025-05-09[5.2.x] Refs #35980 -- Added release note about changes in release artifacts ↵Natalia
filenames. Backport of 42ab99309d347f617d60751c2e8d627fb2963049 from main.
2025-05-09[5.2.x] Removed "Expected" from release date for 5.2.1, 5.1.9, and 4.2.21.Natalia
Backport of c86156378db09e68db3a9ae1c108f661a67e3abe from main.