summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
12 daysFixed #37159 -- Implemented reproducible artifact builds.devmainCharles Roelli
13 daysRefs CVE-2026-6873 -- Moved deprecation note for ↵Jacob Walls
SIGNED_COOKIE_LEGACY_SALT_FALLBACK.
13 daysRefs #36593 -- Added missing deprecation note for select_related() with no ↵Jacob Walls
arguments.
13 daysRefs #36905 -- Added missing deprecation note for safe parameter of ↵Jacob Walls
JSONResponse.
13 daysRefs #34118 -- Removed further asgiref coroutine detection shims in tests.Jacob Walls
Follow-up to 4a52533329a03207c1c4592a13fbb12b9ec5ef9e.
13 daysRefs #37139 -- Renamed helper inside _is_pk_set().Jacob Walls
13 daysFixed #37176 -- Made Action importable from django.contrib.admin.Mariusz Felisiak
14 daysFixed #37152 -- Raised ValueError when Bcc is used in EmailMessage headers.diaxoaine
Bcc addresses are sent via the SMTP envelope and must never appear in the message itself. A "Bcc" key in `extra_headers` was not excluded like From/To/Cc/Reply-To, so it leaked into the generated message as a visible header. Thanks Mike Edmunds for reviews.
14 daysRefs #36532 -- Optimized CSP decorator async checking.Adam Johnson
The previous approach created both sync and async wrappers before checking which one was needed. Checking first reduces about 1 microsecond off each decorator application.
14 daysFixed #36881 -- Corrected documentation for ModelAdmin.search_fields.Amar
2026-06-16Refs #37142 -- Removed docs for django.utils.warnings.django_file_prefixes().Natalia
This reverts docs changes from commit f970a98e464320c09dde8d45009eadfb4d038a57.
2026-06-16Fixed #37163 -- Optimized @user_passes_test async checking.Adam Johnson
2026-06-16Removed selenium<4.44.0 version pin.Sarah Boyce
2026-06-16Fixed #37169, Refs #36437 -- Replaced text-based selector in a selenium test.SiHyunLee
After incorporating a translation for "Run" in Arabic, the RTL case started failing.
2026-06-16Fixed #37157 -- Doc'd usage of sphinx-autobuild for documentation ↵SnippyCodes
auto-reloading.
2026-06-16Fixed typo in section "Configuring email" in docs/topics/email.txt.Mike Edmunds
2026-06-15Fixed #31317 -- Avoided crash in CreateModel with unique_together and ↵David Wobrock
AlterUniqueTogether.
2026-06-15Fixed password hashing anchor link for references.Tim Schilling
2026-06-15Fixed #37128 -- Doc'd setUpTestData as test speed up.Tim Schilling
Revises the AnimalTestCase to better show test data isolation and avoid the opportunity to use setUpTestData.
2026-06-11Fixed #36969, #35371 -- Reduced false positives in strings during collectstatic.James Bligh
Thanks Johannes Maron for reviews.
2026-06-11Fixed #37141 -- Added --using option to sendtestemail command.NagaKartheekReddy
2026-06-11Doc'd security standards in howto-release-django.txt.Jacob Walls
2026-06-11Fixed #37129 -- Clarified database cache culling behavior in docs.VIZZARD-X
2026-06-11Refs #24941 -- Doc'd get_exclude() in base features shared by InlineModelAdmin.Jacob Walls
2026-06-11Fixed #36979 -- Made GenericInlineModelAdmin.get_formset() use get_exclude().Manas225
2026-06-11Fixed #36837 -- Skipped backends not implementing (a)get_user() in ↵Sezer BOZKIR
(a)force_login(). Co-authored-by: Mykhailo Havelia <Arfey17.mg@gmail.com>
2026-06-11Fixed #33185 -- Fixed sqlmigrate crash for RenameModel with a ↵siddus
self-referential foreign key. When collecting SQL (e.g. for sqlmigrate), a RenameModel operation's table rename is not executed, so the subsequent field alteration introspected the renamed table before it existed. On MySQL this raised "Table doesn't exist", and on PostgreSQL the missing introspection silently omitted the self-referential foreign key's drop and recreate. The schema editor now records table renames while collecting SQL and redirects constraint-name introspection to the still-existing old table name, which carries the same constraints. Applying migrations is unaffected.
2026-06-10Fixed #37102 -- Used **kwargs instead of *kwargs in CountsDict.__init__().muss-Snippy38-lang
2026-06-10Fixed #36104 -- Returned NotImplemented in Media.__add__ for non-Media RHS.Jacob Walls
2026-06-10Fixed #29187 -- Fixed flaky receiver count assertion in signals tests.Jacob Walls
Signal.receivers prunes dead weak references lazily, so a weak receiver garbage-collected elsewhere could still occupy a slot when BaseSignalSetup.setUp() counted receivers. The test's own connect/send/disconnect calls would then prune before tearDown() counted again.
2026-06-10Refs #37150 -- Synced docs/make.bat with docs/Makefile.Mike Edmunds
2026-06-10Fixed #37142 -- Moved django_file_prefixes() to django.utils.warnings.zhengkangyang
2026-06-09Removed obsolete Sphinx < 1.8 fallback in `VersionDirective` from djangodocs ↵Natalia
extension.
2026-06-09Fixed #37150 -- Made djangodocs Sphinx extension work with any html builder.Mike Edmunds
Changed djangodocs extension to register DjangoHTMLTranslator for any html-format builder (in the builder-inited hook), rather than a limited list of builders at startup. That fixes missing content in dirhtml and standard html builds (including ReadTheDocs PR previews): - Missing console tabs - Empty divs for versionadded and versionchanged directives Removed JS code that depended on jQuery, which hasn't worked since Sphinx 6.0 dropped jQuery in 2023: - Unnecessary console tabs click handling. (Console tab behavior is implemented purely in CSS.) - Client-side hyperlinking of Django template tags and filters in code examples. (This is also not supported on docs.djangoproject.com.) Removed custom DjangoStandaloneHTMLBuilder and "djangohtml" builder type. Its sole purpose was to generate the "templatebuiltins.js" file used for the (non-functional) client-side template filter/tag linking. Changed docs "make html" target from "djangohtml" to standard "html".
2026-06-09Fixed #37130 -- Skipped DB cache deletion when culling offset is zero.vishwa
2026-06-09Made check-commit-suffix job check only relevant commits.Jacob Walls
Failing to set $BASE meant other commits on the target branch were checked.
2026-06-09Fixed #36900 -- Used safe_join() on downloaded template archive.ar3ph
2026-06-09Fixed #37106 -- Clarified pylibmc workaround in unit test docs.kikobarr
2026-06-09Refs #36560, CVE-2026-35193 -- Replaced substring check on cache-control ↵Jacob Walls
directives in UpdateCacheMiddleware. Avoid false positives from hypothetical extension directives that could be superstrings of the ones we are checking.
2026-06-09Fixed #37147 -- Fixed rendering empty values for models with db_default on ↵Mariusz Felisiak
primary key.
2026-06-08Refs CVE-2026-48587 -- Added helper to properly split header values.Natalia
Extracted the repeated `split(",")` + per-token `.strip()` pattern into a `split_header_value()` generator in django/utils/http.py. The previous `cc_delim_re` regex only stripped whitespace adjacent to the comma delimiter, leaving leading or trailing whitespace on the first and last tokens. Now, `split_header_value()` strips every token fully, matching RFC 9110's optional-whitespace rules. Thanks to Shai Berger, Jacob Walls, and Sarah Boyce for reviews.
2026-06-08Refs #23929 -- Fixed test setup in CreateDefaultSiteTests.Jacob Walls
2026-06-08Refs #16281 -- Fixed isolation of admin_views.ViewOnSiteTests.Jacob Walls
We were seeing this occasional failure in FlatpagesSitemapTests.setUpClass(), which was unexpectedly attempting a write on the "other" database because of an instance hint from a cached Site: django.test.testcases.DatabaseOperationForbidden: Database queries to 'other' are not allowed in this test. Add 'other' to flatpages_tests.test_sitemaps.FlatpagesSitemapTests.databases to ensure proper test isolation and silence this failure.
2026-06-08Fixed #32785 -- Optimized cull frequency for DBCache.eevelweezel
2026-06-05Fixed #36984 -- Made inline formset error messages respect ↵Karolis Ryselis
delete_confirmation_max_display.
2026-06-05Fixed #37139 -- Fixed inlines crash on parent models with db_default on ↵Mariusz Felisiak
primary key.
2026-06-04Fixed #37110 -- Fixed time zone validation when missing zone directory.jodizzle
On Unix systems that lack time zone information stored at `/usr/share/zoneinfo`, time zones couldn't be validated. Python's `zoneinfo` module was introduced in Python 3.9, meaning all modern Django versions should support it's use.
2026-06-03Fixed #36492 -- Restored exact boolean lookup against literals on SQLite.Simon Charette
Performance regression in 37e6c5b on SQLite. Just like MySQL, and presumably Oracle, which don't have a native boolean type and incidently store booleans in integer columns, indices on such columns cannot be used when explicit boolean literal equalities are omitted. Adapt the logic introduced by refs #32691 for MySQL to be used for all backends that don't support native boolean fields instead of special casing MySQL, SQLite, and Oracle in their own special way. Note that review of this work surfaced that SQLite's query planner also cannot make use of indices when dealing with expressions of form WHERE NOT (indexed_bool_field = false) but that's a long standing problem unrelated to the restorative work performed in this patch. Thanks Klaas van Schelven for the report.
2026-06-03Refs #36905 -- Moved JSONResponse safe param discussion to versionchanged box.Jacob Walls
Follow-up to 6e15ac8066312328de279e3e072667416c205bfc.
2026-06-03Refs CVE-2026-6873 -- Defaulted SIGNED_COOKIE_LEGACY_SALT_FALLBACK ↵Jacob Walls
transitional setting to False.