summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-05-12Refs #32366 -- Avoided use of datetime.utcnow() in the documentation.Nick Pope
2021-05-12Added extra assertion to ↵Nick Pope
migrations.test_writer.WriterTests.test_serialize_datetime. This checks that datetime.timezone.utc serializes correctly.
2021-05-12Fixed a typo in docs/ref/models/fields.txt.Nick Pope
datetime.date.utcnow() doesn't exist, should be .today().
2021-05-12Refs #32718 -- Corrected CVE-2021-31542 release notes.Mariusz Felisiak
2021-05-12Refs #24121 -- Added__repr__() to StaticNode.saeedblanchette
2021-05-12Fixed #32735 -- Made DateFormat.Y() return a zero-padded year.Nick Pope
2021-05-11Fixed #32722 -- Fixed comparing to TruncTime() on Oracle.Mariusz Felisiak
2021-05-07Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem.Jordi Castells
2021-05-07Fixed #32712 -- Deprecated django.utils.baseconv module.Hasan Ramezani
2021-05-07Fixed #32699 -- Fixed comparing to TruncTime() with 0 microseconds on MySQL.Alex Hill
2021-05-06Fixed typo in docs/internals/contributing/writing-documentation.txt.Nick Pope
2021-05-06Removed unused TestHashedFiles._max_post_process_passes.Mariusz Felisiak
Unused since f1894bae3071da4ee577fc40ae61491f3e03d82c
2021-05-06Added stub release notes for Django 3.2.3.Mariusz Felisiak
2021-05-06Added CVE-2021-32052 to security archive.Mariusz Felisiak
2021-05-06Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being ↵Mariusz Felisiak
accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4
2021-05-06Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows.Carlton Gibson
The validate_file_name() sanitation introduced in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3 correctly rejects the example file name as containing path elements on Windows. This breaks the test introduced in 914c72be2abb1c6dd860cb9279beaa66409ae1b2 to allow path components for storages that may allow them. Test is skipped pending a discussed storage refactoring to support this use-case.
2021-05-05Fixed #32705 -- Prevented database cache backend from checking .rowcount on ↵ecogels
closed cursor. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-05Fixed #32690 -- Fixed __in lookup crash when combining with filtered aggregates.Simon Charette
Having lookups group by subquery right-hand-sides is likely unnecessary in the first place but relatively large amount of work would be needed to achieve that such as making Lookup instances proper resolvable expressions. Regression in 35431298226165986ad07e91f9d3aca721ff38ec. Thanks James A. Munsch for the report.
2021-05-05Fixed #32479 -- Added fallbacks to subsequent language codes in translations.Maxim Beder
Thanks Claude Paroz and Nick Pope for reviews.
2021-05-05Fixed #32714 -- Prevented recreation of migration for Meta.ordering with ↵Simon Charette
OrderBy expressions. Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd. Thanks Kevin Marsh for the report.
2021-05-04Refs #32074 -- Removed usage of deprecated Thread.setDaemon().Karthikeyan Singaravelan
Thread.setDaemon() was deprecated in Python 3.10 and will be removed in Python 3.12.
2021-05-04Refs #32074 -- Used asyncio.get_running_loop() instead of get_event_loop().Mariusz Felisiak
Using asyncio.get_event_loop() when there is no running event loop was deprecated in Python 3.10, see https://bugs.python.org/issue39529.
2021-05-04Added commits for CVE-2021-31542 to security archive.Carlton Gibson
2021-05-04Added CVE-2021-31542 to security archive.Carlton Gibson
2021-05-04Added stub release notes for Django 3.2.2.Carlton Gibson
2021-05-04Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.Florian Apolloner
2021-05-04Fixed #32693 -- Quoted and lowercased generated column aliases.Hasan Ramezani
2021-05-04Fixed #32709 -- Corrected examples in django/utils/baseconv.py docstring.pythonwood
2021-04-30Added spelling option to make.bat.Susan Wright
2021-04-30Fixed #32653 -- Made quoting names in the Oracle backend consistent with ↵Mariusz Felisiak
db_table.
2021-04-30Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.Tim Graham
2021-04-30Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ↵Hasan Ramezani
ExceptionReporter._get_raw_insecure_uri().
2021-04-29Refs #32178 -- Doc'd ↵Hasan Ramezani
DatabaseFeatures.django_test_skips/django_test_expected_failures in contributing guide.
2021-04-29Fixed capitalization of "ECMAScript" and "JavaScript".Nick Pope
2021-04-29Refs #32674 -- Noted that auto-created through table PKs cannot be ↵Carlton Gibson
automatically migrated.
2021-04-29Refs #32682 -- Renamed lookup_needs_distinct() to lookup_spawns_duplicates().Mariusz Felisiak
Follow up to 187118203197801c6cb72dc8b06b714b23b6dd3d.
2021-04-29Refs #32694 -- Clarified when colorama requirement is needed in Windows how-to.Carlton Gibson
2021-04-29Fixed #32675 -- Doc'd that autodector changes might cause generation of ↵David Wobrock
no-op migrations. Follow up to aa4acc164d1247c0de515c959f7b09648b57dc42.
2021-04-29Refs #32675 -- Removed to_field from ForeignKeys in contrib apps' migrations.David Wobrock
Refs #22889.
2021-04-28Removed unnecessary reuse_with_filtered_relation argument from Query methods.Nick Pope
In Query.join() the argument reuse_with_filtered_relation was used to determine whether to use == or .equals(). As this area of code is related to aliases, we only expect an instance of Join or BaseTable to be provided - the only two classes that provide .equals(). In both cases, the implementations of __eq__() and equals() are based on use of the "identity" property. __eq__() performs an isinstance() check first, returning NotImplemented if required. BaseTable.equals() then does a straightforward equality check on "identity". Join.equals() is a little bit different as it skips checking the last element of the "identity" property: filtered_relation. This was only included previously when the with_filtered_relation argument was True, impossible since bbf141bcdc31f1324048af9233583a523ac54c94.
2021-04-28Removed unused with_filtered_relation argument from .equals()Nick Pope
Unused since bbf141bcdc31f1324048af9233583a523ac54c94.
2021-04-28Corrected introduction to range field lookups docs.Adam Johnson
Follow up to 24b9f5082344a127147266dd52d5d2dcd1c9cb44.
2021-04-28Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery ↵Simon Charette
deconstruction. Subquery deconstruction support required implementing complex and expensive equality rules for sql.Query objects for little benefit as the latter cannot themselves be made deconstructible to their reference to model classes. Making Expression @deconstructible and not BaseExpression allows interested parties to conform to the "expression" API even if they are not deconstructible as it's only a requirement for expressions allowed in Model fields and meta options (e.g. constraints, indexes). Thanks Phillip Cutter for the report. This also fixes a performance regression in bbf141bcdc31f1324048af9233583a523ac54c94.
2021-04-28Refs #32632 -- Added tests for returning a copy when combining Q() objects.Mariusz Felisiak
2021-04-27Fixed #32687 -- Restored passing process’ environment to underlying tool ↵Konstantin Alekseev
in dbshell on PostgreSQL. Regression in bbe6fbb8768e8fb1aecb96d51c049d7ceaf802d3.
2021-04-27Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for ↵Mariusz Felisiak
preventing duplicates. Thanks Zain Patel for the report and Simon Charette for reviews. The exception introduced in 6307c3f1a123f5975c73b231e8ac4f115fd72c0d revealed a possible data loss issue in the admin.
2021-04-27Refs #32682 -- Renamed use_distinct variable to may_have_duplicates.Mariusz Felisiak
QuerySet.distinct() is not the only way to avoid duplicate, it's also not preferred.
2021-04-27Refs #32682 -- Fixed QuerySet.delete() crash on querysets with ↵Mariusz Felisiak
self-referential subqueries on MySQL.
2021-04-27Refs #19080 -- Added tests for preserving select_related() in the admin ↵Mariusz Felisiak
changelist.
2021-04-27Refs 32637 -- Made technical 404 debug page display exception message when ↵Mariusz Felisiak
URL is resolved. Follow up to 3b8527e32b665df91622649550813bb1ec9a9251.