summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2025-10-01[5.2.x] Bumped version for 5.2.7 release.5.2.7Jacob Walls
2025-10-01[5.2.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal ↵Sarah Boyce
via archive.extract(). Thanks stackered for the report. Follow up to 05413afa8c18cdb978fcdf470e09f7a12b234a23. Backport of 924a0c092e65fa2d0953fd1855d2dc8786d94de2 from main.
2025-10-01[5.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), ↵Mariusz Felisiak
aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB. Thanks sw0rd1ight for the report. Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200. Backport of 41b43c74bda19753c757036673ea9db74acf494a from main.
2025-09-30[5.2.x] Made cosmetic edits to 5.2.7 release notes.Jacob Walls
Backport of 6c82b0bc91fc650891b0b411ac4a5a86cf0cf3e8 from main.
2025-09-29[5.2.x] Fixed #36587 -- Clarified usage of `list.insert()` for upload handlers.okaybro
Thanks Baptiste Mispelon for the report Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of afe6634146d0fe70498976c49d2eb4d745aa9064 from main.
2025-09-29[5.2.x] Fixed #35877, Refs #36128 -- Documented unique constraint when ↵Samriddha9619
migrating a m2m field to use a through model. Backport of daba609a9bdc7a97bcf327c7ba0a5f7b3540b46e from main.
2025-09-24[5.2.x] Added stub release notes and release date for 5.2.7, 5.1.13, and 4.2.25.Mariusz Felisiak
Backport of 00174507f8a91e9577ae233c58af561b379f2695 from main.
2025-09-23[5.2.x] Refs #25508 -- Used QuerySet.__repr__ in ↵Jacob Walls
docs/ref/contrib/postgres/search.txt. Backport of efb96138b4af774c22ae6e949410b45d69960357 from main.
2025-09-18[5.2.x] Fixed #36581 -- Updated serialization examples from XML to JSON.CodingWithSaksham
Backport of 762d3be8c559b0abf415be8d6117f04fb6347983 from main.
2025-09-18[5.2.x] Updated translations from Transifex.Natalia
2025-09-18[5.2.x] Fixed OGRInspectTest.test_time_field with memory Spatialite database.David Smith
Backport of 82b3b84a78055844ee07d5d97843a4fc72872e28 from main.
2025-09-17[5.2.x] Fixed #36601 -- Fixed color contrast of FilteredSelectMultiple ↵antoliny0919
widget chosen labels in TabularInlines. Regression in a0f50c2a483678d31bd1ad6f08fd3a0b8399e27b. Backport of 1e7728888dbbff437ad9847c82b84feb81f785df from main.
2025-09-13[5.2.x] Fixed typo in docs/ref/contrib/contenttypes.txt.Jacob Walls
Backport of c48904a225e2e8f02274257247d5b7d29c5fe183 from main.
2025-09-12[5.2.x] Fixed #36597 -- Corrected directives for functions from email module ↵Mridul Dhall
in docs. Thanks Mike Edmunds for the report. Backport of e183d6c26c8da4486c151f9ce973828e2404a796 from main.
2025-09-09[5.2.x] Fixed #36486 -- Added MongoDB to list of third-party DB backends.Salman
Backport of 46fdeb1373aa7e9089d14440987444493cc9c2e0 from main
2025-09-04[5.2.x] Refs #36588 -- Warned about using external templates in ↵Jake Howard
startapp/startproject commands. Clarified that custom templates provided via `--template` for `starapp` and `startproject` are used as-is, adding a warning that malicious or poorly constructed templates may introduce security issues. Backport of 4e7a991c12a113229e0927974d3bf94ea04eecf6 from main.
2025-09-04[5.2.x] Added missing backticks in docs/releases/security.txt.Mariusz Felisiak
Backport of 686a8a62ae7faba9c3b17080c3532b821e8cb1f3 from main
2025-09-03[5.2.x] Added CVE-2025-57833 to security archive.Sarah Boyce
Backport of f0c05a40d27d69ef3a7b4e5e0199b5dba5b11feb from main.
2025-09-03[5.2.x] Added stub release notes for 5.2.7.Sarah Boyce
Backport of ab7c7dd99b3ddc489d9f007b273d891973212aa3 from main.
2025-09-03[5.2.x] Post-release version bump.Sarah Boyce
2025-09-03[5.2.x] Bumped version for 5.2.6 release.5.2.6Sarah Boyce
2025-09-03[5.2.x] Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL ↵Jake Howard
injection in column aliases. Thanks Eyal Gabay (EyalSec) for the report. Backport of 51711717098d3f469f795dfa6bc3758b24f69ef7 from main.
2025-09-03[5.2.x] Made cosmetic edits to 5.2.6 release notes.Sarah Boyce
Backport of d044e25dc2106b94ebdedf0bfde9238be1a3765c from main.
2025-08-31[5.2.x] Removed unused import in docs/ref/models/expressions.txt example.Clifford Gama
Backport of 21603c5b50cda80610496248810bb6391f08b648 from main
2025-08-29[5.2.x] Fixed #36431 -- Returned tuples for multi-column ForeignObject in ↵SaJH
values()/values_list(). Thanks Jacob Walls and Simon Charette for tests. Signed-off-by: SaJH <wogur981208@gmail.com> Backport of bb7a7701b1a0e8fffe14dcebf5d5bac7f176c02a from main
2025-08-29[5.2.x] Fixed #35831 -- Documented the model form meta API in model form ↵Mustafa Pirbhai
reference docs. Co-authored-by: Jonathan <3218047+jernwerber@users.noreply.github.com> Co-authored-by: Mustafa <117516335+mspirbhai@users.noreply.github.com> Backport of 183fcebf88aa0762a2e28477f9b24c34341a75f4 from main.
2025-08-27[5.2.x] Added stub release notes and release date for 5.2.6, 5.1.12, and 4.2.24.Sarah Boyce
Backport of 4c71e334401a3e83c013419d0e2211543e7e873b from main.
2025-08-27[5.2.x] Corrected definition of "needsinfo" triage stage in contributing guide.Jacob Walls
Backport of 66082a7dac7ad357446168d09e6ca3b305f1faf0 from main
2025-08-23[5.2.x] Removed reference to flake8 file exclusions.Jacob Walls
Obsolete since 41384812efe209c8295a50d78b45e0ffb2992436. (six was removed in 9285926295fbfc86b70e7be8d595d4cfbe7895b8.) Backport of 165ad74c578f94f962624a40dff14e1b2e23a1f8 from main
2025-08-22[5.2.x] Refs #35530 -- Corrected deprecation message in auth.alogin().Mariusz Felisiak
Follow up to ceecd518b19044181a3598c55ebed7c2545963cc. Backport of b3166e1e15824aedb7a609dfda18ef36ea023d06 from main.
2025-08-20[5.2.x] Corrected release notes of calling format_html() without arguments.Mariusz Felisiak
Backport of bcddf641ae705209c01a4b18a9384aa91fdc94e1 from main
2025-08-19[5.2.x] Fixed spelling of "logged-in" when used as an adjective in docs.mengxun
Backport of f5c944b3141c58bb4a5c7bbca61180b2ad7c13aa from main.
2025-08-13[5.2.x] Fixed #36499 -- Adjusted ↵Natalia
utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python's HTMLParser new behavior. Python fixed a quadratic complexity processing for HTMLParser in: https://github.com/python/cpython/commit/6eb6c5db. Backport of 2980627502c84a9fd09272e1349dc574a2ff1fb1 from main.
2025-08-13[5.2.x] Fixed test_utils.tests.HTMLEqualTests.test_parsing_errors following ↵Natalia
Python's HTMLParser fixed parsing. Further details about Python changes can be found in: https://github.com/python/cpython/commit/0243f97cbadec8d985e63b1daec5d1cbc850cae3. Refs #36499. Thank you Clifford Gama for the thorough review! Backport of e4515dad7a6d953c0bd2414127ba36e1446ff41a from main.
2025-08-13[5.2.x] Refs #34378, #36143, #36416 -- Fixed isolation of ↵Jacob Walls
LookupTests.test_in_bulk_preserve_ordering_with_batch_size(). `max_query_params` is a property, so it must be patched on the class. Backport of a68e8565cdd4fc3f8b738fc516095dab142b9d65 from main.
2025-08-13[5.2.x] Aligned format of constraint examples in ↵David Sanders
docs/ref/models/constraints.txt. Backport of fda3c1712a1eb7b20dfc91e6c9abae32bd64d081 from main.
2025-08-11[5.2.x] Corrected code examples in topics docs.Rohit
Backport of fa804d0d14ef4547b4fe2a88ab5d89d4eed5bacd from main.
2025-08-06[5.2.x] Added stub release notes for 5.2.6.Sarah Boyce
Backport of 0bff53b4138d8c6009e9040dbb8916a1271a68d7 from main.
2025-08-06[5.2.x] Post-release version bump.Sarah Boyce
2025-08-06[5.2.x] Bumped version for 5.2.5 release.5.2.5Sarah Boyce
2025-08-06[5.2.x] Added release date for 5.2.5.Sarah Boyce
Backport of 8999b0e2bf62ffa1ea19995508712ed8eda2cc14 from main.
2025-08-05[5.2.x] Refs #36485 -- Grouped docs checks under a unified make check target.David Smith
Added a new 'check' rule to the docs Makefile which runs both the black and spelling checks. Backport of 7f9bf357feac06bb34017e1f6c7a7730b1991ede from main.
2025-08-05[5.2.x] Refs #34140 -- Added dedicated code block formatting section in ↵David Smith
docs/internals/contributing/writing-documentation.txt. Backport of cba73281966c816824c9bfa028a1bf44e188ded2 from main.
2025-08-05[5.2.x] Fixed #36530 -- Extended fields.E347 to check for ManyToManyField ↵jkhall81
involving CompositePrimaryKey on either side. Thanks to Jacob Walls for the report. Backport of 2013092b693be0ebdf36f41dc61615a2de1bbe31 from main.
2025-08-04[5.2.x] Fixed #36535 -- Ensured compatibility with docutils 0.19 through 0.22.Natalia
Regression in 65ab92f6a83644bbb555d0eff3a02d8d9301aba4. Backport of 9cec8d9f55d90fbc162fde23d6ea7a34e322fcae from main.
2025-08-04[5.2.x] Corrected assertNumQueries() example in docs/topics/testing/tools.txt.Adam Zapletal
Backport of dca8284a376128c64bd0e0792ad12391ae3e7202 from main.
2025-08-04[5.2.x] Fixed #34871, #36518 -- Implemented unresolved lookups expression ↵Simon Charette
replacement. This allows the proper resolving of lookups when performing constraint validation involving Q and Case objects. Thanks Andrew Roberts for the report and Sarah for the tests and review. Backport of 079d31e698fa08dd92e2bc4f3fe9b4817a214419 from main.
2025-08-04[5.2.x] Fixed #36198 -- Implemented unresolved transform expression replacement.Simon Charette
This allows the proper resolving of F("field__transform") when performing constraint validation. Thanks Tom Hall for the report and Sarah for the test. Prerequisite for #36518. Backport of fc303551077c3e023fe4f9d01fc1b3026c816fa4 from main.
2025-07-29[5.2.x] Fixed writer_name deprecation warning in docutils 0.22+.Mariusz Felisiak
Backport of 65ab92f6a83644bbb555d0eff3a02d8d9301aba4 from main.
2025-07-28[5.2.x] Fixed #36522 -- Added support for filtering composite pks using a ↵Simon Charette
tuple of expressions. Thanks Jacob Walls for the report, and Sarah Boyce and Mariusz Felisiak for reviews. Backport of 0a4999b422702c64e21f5a10a4d60300b7074401 from main.