summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-08-06Fixed CVE-2024-41991 -- Prevented potential ReDoS in ↵Mariusz Felisiak
django.utils.html.urlize() and AdminURLFieldWidget. Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-06Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc ↵Sarah Boyce
template filters. Thanks to MProgrammer for the report.
2024-08-06Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.Sarah Boyce
Thanks Elias Myllymäki for the report. Co-authored-by: Shai Berger <shai@platonix.com>
2024-08-05Fixed #35657 -- Made FileField handle db_default values.Sarah Boyce
2024-08-05Extended script to manage translations to support fetching new translations ↵nessita
since a given date.
2024-08-05Fixed #35638 -- Updated validate_constraints to consider db_default.David Sanders
2024-08-05Refs #35638 -- Avoided wrapping expressions with Value in ↵David Sanders
_get_field_value_map() and renamed to _get_field_expression_map().
2024-08-05Used :pypi: role in docs where appropriate.Mariusz Felisiak
2024-08-05Fixed #35628 -- Allowed compatible GeneratedFields for ↵John Parton
ModelAdmin.date_hierarchy.
2024-08-05Refs #35380 -- Updated screenshots in admin docs.Natalia
2024-08-05Refs #35380 -- Updated screenshots in intro docs.Natalia
2024-08-05Fixed #35645, Refs #35558 -- Added "medium" color in the admin CSS to ↵Natalia
improve accessibility of headings.
2024-08-05Refs #35537 -- Improved documentation and test coverage for email ↵Jake Howard
attachments and alternatives.
2024-08-03Fixed #35655 -- Reverted "Fixed #35295 -- Used INSERT with multiple rows on ↵Sarah Boyce
Oracle 23c." This reverts commit 175b04942afaff978013db61495f3b39ea12989b due to a crash when Oracle > 23.3.
2024-08-02Refs #35601, Refs #35599 -- Made cosmetic edits to TelInput/ColorInput docs.Mariusz Felisiak
2024-08-02Fixed #35643 -- Fixed a crash when ordering a QuerySet by a reference ↵Simon Charette
containing "__". Regression in b0ad41198b3e333f57351e3fce5a1fb47f23f376. Refs #34013. The initial logic did not consider that annotation aliases can include lookup or transform separators. Thanks Gert Van Gool for the report and Mariusz Felisiak for the review.
2024-08-02Fixed #35601 -- Added TelInput widget.lucasesposito
2024-08-02Fixed #35599 -- Added ColorInput widget.arjunomray
2024-08-02Fixed #35489 -- Fixed vertical alignment of raw_id_fields widget.Vaarun Sinha
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-01Fixed #35646 -- Extended SafeExceptionReporterFilter.hidden_settings to ↵Markus Holtermann
treat `AUTH` as a sensitive match. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-08-01Improved view_tests.tests.test_debug.ExceptionReporterFilterTests.Natalia
2024-08-01Refs #373 -- Added tuple lookups.Bendeguz Csirmaz
2024-08-01Reverted "Fixed #28646 -- Prevented duplicate index when unique is set to ↵Sarah Boyce
True on PostgreSQL." This reverts commit 9cf9c796be8dd53bc3b11355ff39d65c81d7be6d due to a crash on Oracle as it didn't allow multiple indexes on the same field.
2024-07-31Removed GitHub Actions for creating and checking reminders.nessita
2024-07-31Fixed #35598 -- Added SearchInput widget.Jeremy Thompson
2024-07-31Added stub release notes and release date for 5.0.8 and 4.2.15.Sarah Boyce
2024-07-30Fixed #28646 -- Prevented duplicate index when unique is set to True on ↵Ben Cail
PostgreSQL.
2024-07-29Fixed #35546 -- Emphasised accepted ticket requirement in contributing docs.Maryam Yusuf
2024-07-29Referenced joining the triage and review team as motivation to do PR reviews.Maryam Yusuf
2024-07-29Refs #35074 -- Simplified and unified adding spatial indexes on MySQL and ↵Mariusz Felisiak
Oracle. This uses `deferred_sql` and `_field_indexes_sql()` instead of custom hooks on MySQL.
2024-07-26Added missing skips in constraint tests.Tim Graham
2024-07-25Added dedicated test for invalid inputs in floatformat template filter tests.nessita
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-25Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in ↵Lorenzo Peña
get_supported_language_variant(). LocaleMiddleware didn't handle the ValueError raised by get_supported_language_variant() when language codes were over 500 characters. Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb.
2024-07-25Added contributor guidelines for performance optimizations.Sarah Boyce
2024-07-25Fixed #35331 -- Updated dropdown lists with entries added via the '+' sign ↵Devin Cox
from M2M field.
2024-07-25Fixed #35625 -- Fixed a crash when adding a field with db_default and check ↵Simon Charette
constraint. This is the exact same issue as refs #30408 but for creating a model with a constraint containing % escapes instead of column addition. All of these issues stem from a lack of SQL and parameters separation from the BaseConstraint DDL generating methods preventing them from being mixed with other parts of the schema alteration logic that do make use of parametrization on some backends (e.g. Postgres, MySQL for DEFAULT). Prior to the addition of Field.db_default and GeneratedField in 5.0 parametrization of DDL was never exercised on model creation so this is effectively a bug with db_default as the GeneratedField case was addressed by refs #35336. Thanks Julien Chaumont for the report and Mariusz Felisiak for the review.
2024-07-24Fixed #35604, Refs #35326 -- Made FileSystemStorage.exists() behaviour ↵Sarah Boyce
independent from allow_overwrite. Partially reverts 0b33a3abc2ca7d68a24f6d0772bc2b9fa603744e. Storage.exists(name) was documented to "return False if the name is available for a new file." but return True if the file exists. This is ambiguous in the overwrite file case. It will now always return whether the file exists. Thank you to Natalia Bidart and Josh Schneier for the review.
2024-07-24Fixed #35541 -- Fixed paginator border in admin CSS.arjunomray
2024-07-24Updated asgiref dependency for 5.1 release series.Mariusz Felisiak
2024-07-24Bumped versions in pre-commit and npm configurations.Mariusz Felisiak
2024-07-23Refs #29049 -- Fixed isolation of ↵Mariusz Felisiak
BasicExpressionsTests._test_slicing_of_f_expressions() subtests. Thanks Tim Graham for the report.
2024-07-23Fixed #35585 -- Corrected Query.exists() call in Query.has_results().Flavio Curella
2024-07-23Updated example links in urlize docs.Matthew Somerville
goo.gl links are being removed in 2025: https://developers.googleblog.com/en/google-url-shortener-links-will-no-longer-be-available/
2024-07-22Refs #10941 -- Reorganized querystring template tag docs.nessita
2024-07-22Cleaned up temporary test directories in tests.Mariusz Felisiak
2024-07-22Applied optimizations to template.utils.get_app_template_dirs().sobolevn
2024-07-22Fixed typo in django/test/testcases.py docstring.Jacob Walls
2024-07-22Fixed #35614 -- Prevented SQLCompiler.as_subquery_condition() from mutating ↵Bendeguz Csirmaz
a query.
2024-07-22Fixed broken link in django.core.files.temp docstring.Ellen
2024-07-22Fixed typos in Atomic docstring.Muhammad N. Fadhil