summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2026-03-06Fixed #36968 -- Improved error message when collectstatic can't find a ↵James Bligh
referenced file.
2026-03-06Extended committing code docs to add detailed instructions for backports.Natalia
Thanks to Jacob Walls for the original idea and the review.
2026-03-06Added python script suitable for using as prepare-commit-msg git hook.Natalia
2026-03-06Fixed #36679 -- Fixed Basque date formats to use parenthetical declension ↵Unai Loidi
suffixes. Basque (eu) grammar requires conditional suffixes on years and day articles that depend on the final sound of the preceding word. Since Django's format strings are static, the CLDR parenthetical convention ("(e)ko" instead of "ko") is used to express the optionality. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2026-03-06Extended checks and docs for proper commit message format and edition.Jacob Walls
Thanks to Tim Schilling for the review. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2026-03-06Refs #28877 -- Added special ordinal context when humanizing value 1.Julien Palard
Some languages use a different ordinal suffix for the number 1 than for other values ending in 1 (e.g. 21, 31). Added a dedicated pgettext context "ordinal is 1" to allow translators to handle this distinction. For example, in French, 1 is written as "1er" while 21, 31, etc. use "21e", "31e", etc. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2026-03-05Corrected local name for Basque in django/conf/locale/__init__.py.Julie Rymer
2026-03-04Fixed #21080 -- Ignored urls inside comments during collectstatic.James Bligh
Thanks Mariusz Felisiak for the review. Co-authored-by: Nathan Gaberel <nathan@gnab.fr>
2026-03-03Fixed #36887 -- Improved admin changelist layout for object-tools button.Jacob Walls
2026-03-03Refs #35859 -- Mentioned django-tasks and external resources on ↵Jake Howard
docs/topics/tasks.txt.
2026-03-03Fixed #36923 -- Added tests for non-hierarchical URI schemes in ↵Natalia
URLField.to_python(). Follow up to 951ffb3832cd83ba672c1e3deae2bda128eb9cca.
2026-03-03Fixed #20775 -- Clarified that SQL for text lookups varies per database.Lakshya
2026-03-03Added CVE-2026-25673 and CVE-2026-25674 to security archive.Natalia
2026-03-03Added stub release notes for 6.0.4.Natalia
2026-03-03Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions on file ↵Natalia
system object creation. This fix introduces `safe_makedirs()` in the `os` utils as a safer alternative to `os.makedirs()` that avoids umask-related race conditions in multi-threaded environments. This is a workaround for https://github.com/python/cpython/issues/86533 and the solution is based on the fix being proposed for CPython. Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Zackery Spytz <zspytz@gmail.com> Refs CVE-2020-24583 and #31921. Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and Shai Berger for reviews.
2026-03-03Fixed CVE-2026-25673 -- Simplified URLField scheme detection.Natalia
This simplicaftion mitigates a potential DoS in URLField on Windows. The usage of `urlsplit()` in `URLField.to_python()` was replaced with `str.partition(":")` for URL scheme detection. On Windows, `urlsplit()` performs Unicode normalization which is slow for certain characters, making `URLField` vulnerable to DoS via specially crafted POST payloads. Thanks Seokchan Yoon for the report, and Jake Howard and Shai Berger for the review. Refs #36923. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2026-03-02Fixed #36961 -- Fixed TypeError in deprecation warnings if Django is ↵Jacob Walls
imported by namespace.
2026-03-02Aligned docs checks between GitHub Actions and local development.Natalia
2026-03-02Refs #35381 -- Moved JSONNull to django.db.models.expressions.Clifford Gama
2026-02-28Added DatabaseOperations.convert_trunc_expression() hook.Tim Graham
Needed on MongoDB.
2026-02-28Refs #36513 -- Fixed font-color to also apply to select options in ↵Antoliny0919
TabularInline.
2026-02-28Fixed #36914 -- Fixed background-color to also apply to select options in ↵Antoliny0919
TabularInline.
2026-02-27Fixed #36946 -- Respected test database name when running tests in parallel ↵S​age Abdullah
on SQLite. The "spawn" and "forkserver" multiprocessing modes were affected.
2026-02-27Refs #35972 -- Returned params in a tuple in further expressions.Jacob Walls
2026-02-27Refs #23919 -- Used yield from in Paginator.Pierre Sassoulas
2026-02-27Fixed #27489 -- Renamed permissions upon model renaming in migrations.Artyom Kotovskiy
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2026-02-27Fixed #34643 -- Moved inputs beneath labels and errors in admin forms.antoliny0919
Thanks Sarah Boyce and Jacob Walls for reviews. Co-authored-by: Hrushikesh Vaidya <hrushikeshrv@gmail.com>
2026-02-26Fixed #22079 -- Added tests for stripping empty list values in RequestFactory.Anurag Verma
2026-02-26Adjusted default DoS severity level in Security Policy.Natalia
2026-02-26Refs #36936 - Adjusted tests to set PYTHON_COLORS environment variable.Pete Rosenblum
When "FORCE_COLOR" was set in the environment (such as in django-docker-box) several test cases that rely on string comparisons against exception messages or command line results would fail due to ANSI escape sequences being present in the output. This change resolved the issue by setting the "PYTHON_COLORS" environment variable to "0" for those specific tests, which takes precendence over the presence of "FORCE_COLOR".
2026-02-26Fixed #36750 -- Made ordering of M2M objects deterministic in serializers.VIZZARD-X
Co-authored-by: Simon Charette <charette.s@gmail.com> Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2026-02-25Refs #36652, #36936 -- Improved path manipulation in a migration test ↵pmppk
launching a subprocess.
2026-02-25Refs #36879, #36936 -- Fixed typo in RedisCacheTests.test_client_driver_info.pmppk
2026-02-25Fixed #36848 -- Mentioned BadRequest exception in docs/ref/views.txt.LincolnPuzey
2026-02-25Fixed #36951 -- Removed empty exc_info from log_task_finished signal handler.Elias Hernandis
Before, if no exception occurred, "None Type: None" was logged.
2026-02-25Fixed #36944 -- Removed MAX_LENGTH_HTML and related 5M chars limit ↵Natalia
references from HTML truncation docs.
2026-02-25Fixed #36948 -- Fixed breadcrumb text overlap at small widths in admin.Amar
Visual regression in bc03f1064e10fa247a46d4e8a98ba9b26aa4790d.
2026-02-25Fixed #36839 -- Warned when model renames encounter conflicts from stale ↵AbhimanyuGit2507
ContentTypes.
2026-02-25Refs #36873 -- Fixed changelink background image Y position.Antoliny0919
2026-02-25Fixed #36873 -- Aligned and normalized stroke width for non-multiple select ↵Antoliny0919
icons in related-widget-wrapper.
2026-02-24Fixed #36931 -- Handled LookupError in multipart parser for invalid RFC 2231 ↵sammiee5311
encoding. Added LookupError to the except clause so invalid headers are silently skipped, consistent with other malformed header handling.
2026-02-24Added stub release notes and release date for 6.0.3, 5.2.12, and 4.2.29.Natalia
2026-02-24Delete leaking loop iter vars in `smartif.py`sobolevn
While working on https://github.com/typeddjango/django-stubs/pull/3114/changes#diff-c408a224a641ee1ad26789d61b19c64c44667c1feb8fce0d58aea0338844ca66R276-R278 we have noticed that loop variables leak into the module namespace. It has two negative effects: 1. Users can access `smartif.op` and `smartif.key` public attrs, which is clearly not intenteded 2. We in `django-stubs` have to ignore these two objects from annotations Let's remove them :)
2026-02-23Fixed a typo in tests/admin_views/tests.py.Zac Iloka
2026-02-21Fixed #36899 -- Implemented SessionBase.__bool__.Amar
2026-02-21Fixed #36937 -- Added missing positive permission cases in test_client tests.Saish Mungase
2026-02-21Fixed #36935 -- Added fallback in ContentType.app_labeled_name when ↵Marco Aurélio da Rosa Haubrich
model_class() is None. Updated ContentType.app_labeled_name to include the app_label in its string representation. This removed ambiguity for content types whose models were not present in the current codebase (for example, when multiple applications share the same database). Adjusted related tests to reflect the new representation.
2026-02-21Fixed a typo in tests/i18n/tests.py.jun
2026-02-20Fixed #36920 -- Fixed alignment of fieldset legends in wide admin forms.usman
Visual regression in 4187da258fe212d494cb578a0bc2b52c4979ab95.
2026-02-20Refs #36938 -- Marked a test for union of ordered querysets as an expected ↵Jacob Walls
failure on Oracle. Oracle's SQL parser does not allow ORDER BY in components of a union in some cases, so xfail this test until an exception can be raised.