summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2026-04-02Fixed #20024 -- Fixed handling of __in lookups with None in exclude().Eddy Adegnandjou
Thanks Simon Charette and Tim Graham for reviews, and Jason Hall for a prior iteration.
2026-04-02Refs #20024 -- Tested __in lookups with None against composite pk fields.Eddy Adegnandjou
2026-04-02Fixed #36949 -- Improved RelatedFieldWidgetWrapper <label>s.David Smith
Regression in 4187da258fe212d494cb578a0bc2b52c4979ab95.
2026-04-02Added section for respecting maintainer time to the security policy.Natalia
This follows a post from Seth Larson (Security Developer-in-Residence at the PSF): https://sethmlarson.dev/respecting-maintainer-time-should-be-in-security-policies
2026-04-02Fixed #36862 -- Doc'd the need for a proxy when deploying ↵Jacob Walls
RemoteUserMiddleware under ASGI. We have a flood of nuisance security reports describing ASGI deployments using RemoteUserMiddleware without a fronting proxy, which is not realistic.
2026-04-02Fixed #37017 -- Fixed setting or clearing of request.user after ↵Jacob Walls
alogin/alogout(). Regression in 31a43c571f4d036827d4fd7a5f615591637dc1be.
2026-04-01Fixed #37004 -- Used QuerySet.totally_ordered in ↵Rodrigo Vieira
BaseModelFormSet.get_queryset() for stable ordering.
2026-04-01Refs #37004 -- Added coverage for BaseModelFormSet.get_queryset() fallback ↵Rodrigo Vieira
ordering.
2026-03-31Fixed #36799 -- Added a how-to guide for testing pre-releases.VIZZARD-X
Thanks Sarah Boyce for the idea and Tim McCurrach for the review. Co-authored-by: Timothy McCurrach <tim.mccurrach@gmail.com> Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2026-03-31Added stub release notes and release date for 6.0.4, 5.2.13, and 4.2.30.Jacob Walls
2026-03-30Refs #36770 -- Skipped test_in_memory_database_lock().Jacob Walls
Skip pending some investigation.
2026-03-30Refs #36770 -- Preferred addCleanup() in live server tests.Jacob Walls
2026-03-30Refs #36770 -- Guarded against an endless wait in LiveServerThread.terminate().Jacob Walls
terminate() shouldn't assume the main server was started. (A deadlock from mishandling of in-memory SQLite databases may have occurred.)
2026-03-30Refs #36926 -- Added release note for boolean icons for related fields in ↵Jacob Walls
list_display.
2026-03-28Fixed #29762 -- Doc'd how database routers fetch related objects.VIZZARD-X
Thanks James Bligh for the review. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2026-03-28Refs #36526 -- Fixed bulk_update() batching example in docs.Georgios Verigakis
2026-03-27Corrected outdated links to gunicorn documentation.Sebastian Skonieczny
2026-03-26Refs #36913 -- Maintained error message determinism in ↵afenoum
MultipleChoiceField.validate(). Used Django's OrderedSet datastructure instead of set() in MultipleChoiceField.validate() to prevent submission ordering from being discarded during validation. Thanks to Jacob Walls, JaeHyuck Sa, Jake Howard and Simon Charette for the reviews.
2026-03-25Fixed #36993 -- Clarified N/A usage in pull request template for typo fixes.JaeHyuckSa
Signed-off-by: JaeHyuckSa <jaehyuck.sa.dev@gmail.com>
2026-03-25Fixed #36913 -- Optimized MultipleChoiceField.validate().afenoum
2026-03-24Refs #36494 -- Prevented crash in JSONField numeric lookups with expressions.Vignesh Anand
2026-03-24Refs #36485 -- Ignored removal of double spaces in git blame.Jacob Walls
2026-03-24Fixed #36976 -- Made admin action counter a live region for screen readers.davitacols
2026-03-24Fixed #36985 -- Skipped CreateExtension backwards operation on ↵varunkasyap
non-PostgreSQL databases.
2026-03-24Fixed #36999 -- Removed mention of Ruby on Rails from tutorial part 2.Vinay Datta
This comparison wasn't fleshed out, so it was distracting.
2026-03-21Refs #36883 -- Split monolithic aggregation/lookup/queries tests.Tim Graham
2026-03-20Made it clear that unreviewed tickets shouldn't be claimed or started.Jake Howard
2026-03-20Fixed #36960 -- Enabled the use of psycopg 3's optimized timestamp loader.Aarni Koskela
Based on Daniele Varrazzo's comment in https://github.com/psycopg/psycopg/issues/1273#issuecomment-3986829769
2026-03-19Refs #36620 -- Reduced permissions on coverage comment workflow.Jacob Walls
2026-03-19Refs #36620 -- Fixed coverage comment deletion.Jacob Walls
Follow-up to 92d4aea5ffacc38c5f7903b9410d0abec83f14de.
2026-03-19Fixed #36904 -- Clarified how to hide form field labels in docs.Amar
2026-03-19Fixed #36958 -- Reloaded logging config when logging settings are changed in ↵SnippyCodes
tests. Thanks JaeHyuck Sa and Jake Howard for the reviews.
2026-03-19Refs #36795 -- Deprecated SQLCompiler.quote_name_unless_alias().Simon Charette
It has been superseded with .quote_name(), which ensures aliases are always quoted.
2026-03-19Refs #36795 -- Removed unnecessary prohibits_dollar_signs_in_column_aliases ↵Simon Charette
feature flag. Now that user provided aliases are systematically quoted there is no need to disallow the usage of the dollar sign on Postgres.
2026-03-19Fixed #36795 -- Enforced quoting of all database object names.Simon Charette
This ensures all database identifiers are quoted independently of their orign and most importantly that user provided aliases through annotate() and alias() which paves the way for dropping the allow list of characters such aliases can contain. This will require adjustments to raw SQL interfaces such as RawSQL that might make reference to ORM managed annotations as these will now be quoted. The `SQLCompiler.quote_name_unless_alias` method is kept for now as an alias for the newly introduced `.quote_name` method but will be duly deprecated in a follow up commit.
2026-03-18Fixed #36926 -- Made admin use boolean icons for related BooleanFields in ↵huwaiza tahir
list_display. When using related field lookups like 'parent__is_active' in list_display, the admin now correctly detects if the final field is a BooleanField and displays boolean icons instead of 'True'/'False' text. Modified lookup_field() in django/contrib/admin/utils.py to retrieve the final field from the path when traversing relations using LOOKUP_SEP (__), allowing display_for_field() to properly handle BooleanFields.
2026-03-18Fixed #36987 -- Observed prepared argument in UUIDField.get_db_prep_value().Jacob Walls
This avoids two isinstance() calls per UUID value.
2026-03-17Fixed #36939 -- Avoided weakref.finalize in Signal.connect().Juho Hautala
Replaced weak receiver registration in Signal.connect() to pass _flag_dead_receivers directly as the callback for weakref.ref() and weakref.WeakMethod() instead of creating weakref.finalize() objects. This prevented finalizer accumulation in repeated weak connect()/disconnect() cycles where receivers remain alive.
2026-03-17Refs #470 -- Fixed further field_defaults test failures due to year-end ↵Jacob Walls
boundary conditions. Follow-up to 352d860b9107adbcde0f1fe5d0fce8e9090a51e4. Overriding USE_TZ=True during a test creates drift between the SQL compiled for inserted values versus the deployed database default, as Extract() inquires of the current timezone. To resolve this, leave USE_TZ=False and make UTC explicit when asserting the result.
2026-03-16Combined scripts confirm_release.sh and test_new_version.sh into ↵Natalia
verify_release.sh. This reuses the same download for both artifacts and checks both GPG signature and minimal correctness in the same script. Docs and script do_django_release.py were updated.
2026-03-16Removed reference to spatialreference.org being a Django website.David Smith
spatialreference.org has been redesigned, possibly in 2023 [1], and no longer uses Django, see repo [2]. [1] https://spatialreference.org/about.html [2] https://github.com/OSGeo/spatialreference.org
2026-03-16Fixed #36859 -- Made assertContains and assertNotContains idempotent for ↵Baptiste Mispelon
streaming responses.
2026-03-16Corrected signature for EmailMessage.message() in email topics docs.Mike Edmunds
Fixed the EmailMessage.message() method signature in the docs to reinforce that the `policy` argument is keyword-only. (The text already describes it correctly as keyword-only.)
2026-03-16Fixed #36894 -- Added TypeError for conflicting arguments in mail APIs.Praful Gulani
A TypeError is now raised if fail_silently=True, auth_user, or auth_password are provided along a connection. Updated AdminEmailHandler in django.utils.log to remove redundant fail_silently=True. Thanks Mike Edmunds for the report and Jacob Tyler Walls for the review.
2026-03-16Skipped check_commit_messages action on forks.Jacob Walls
This was causing permission errors on private forks, e.g. the one maintained by the Security Team for staging security patches. Follow-up to f8665b1a7ff5e98d84f66ad0e958c3f175aa5d8b.
2026-03-16Fixed #36906 -- Handled coalescing JSON-primitive strings and JSON values on ↵Kanin Kearpimy
Oracle.
2026-03-15Fixed typo in docs/internals/contributing/accessibility.txt.dcsid
2026-03-14Refs #12529, #22325 -- Fixed ExecutorTests.test_custom_user isolation.Mariusz Felisiak
2026-03-14Fixed #35786 -- Removed outdated note about database defaults in ↵Ahmed Nassar
AddField/AlterField docs.
2026-03-13Fixed #36927 -- Optimized Field.deconstruct().Adam Johnson