| Age | Commit message (Collapse) | Author |
|
Thanks Simon Charette and Tim Graham for reviews, and Jason Hall for a
prior iteration.
|
|
|
|
Regression in 4187da258fe212d494cb578a0bc2b52c4979ab95.
|
|
This follows a post from Seth Larson (Security Developer-in-Residence at the PSF):
https://sethmlarson.dev/respecting-maintainer-time-should-be-in-security-policies
|
|
RemoteUserMiddleware under ASGI.
We have a flood of nuisance security reports describing ASGI deployments
using RemoteUserMiddleware without a fronting proxy, which is not
realistic.
|
|
alogin/alogout().
Regression in 31a43c571f4d036827d4fd7a5f615591637dc1be.
|
|
BaseModelFormSet.get_queryset() for stable ordering.
|
|
ordering.
|
|
Thanks Sarah Boyce for the idea and Tim McCurrach for the review.
Co-authored-by: Timothy McCurrach <tim.mccurrach@gmail.com>
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
|
|
Skip pending some investigation.
|
|
|
|
terminate() shouldn't assume the main server was started. (A deadlock
from mishandling of in-memory SQLite databases may have occurred.)
|
|
list_display.
|
|
Thanks James Bligh for the review.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
|
|
|
|
MultipleChoiceField.validate().
Used Django's OrderedSet datastructure instead of set() in MultipleChoiceField.validate()
to prevent submission ordering from being discarded during validation.
Thanks to Jacob Walls, JaeHyuck Sa, Jake Howard and Simon Charette for
the reviews.
|
|
Signed-off-by: JaeHyuckSa <jaehyuck.sa.dev@gmail.com>
|
|
|
|
|
|
|
|
|
|
non-PostgreSQL databases.
|
|
This comparison wasn't fleshed out, so it was distracting.
|
|
|
|
|
|
Based on Daniele Varrazzo's comment in https://github.com/psycopg/psycopg/issues/1273#issuecomment-3986829769
|
|
|
|
Follow-up to 92d4aea5ffacc38c5f7903b9410d0abec83f14de.
|
|
|
|
tests.
Thanks JaeHyuck Sa and Jake Howard for the reviews.
|
|
It has been superseded with .quote_name(), which ensures aliases are
always quoted.
|
|
feature flag.
Now that user provided aliases are systematically quoted there is no need to
disallow the usage of the dollar sign on Postgres.
|
|
This ensures all database identifiers are quoted independently of their orign
and most importantly that user provided aliases through annotate() and alias()
which paves the way for dropping the allow list of characters such aliases can
contain.
This will require adjustments to raw SQL interfaces such as RawSQL that might
make reference to ORM managed annotations as these will now be quoted.
The `SQLCompiler.quote_name_unless_alias` method is kept for now as an alias
for the newly introduced `.quote_name` method but will be duly deprecated in
a follow up commit.
|
|
list_display.
When using related field lookups like 'parent__is_active' in list_display,
the admin now correctly detects if the final field is a BooleanField and
displays boolean icons instead of 'True'/'False' text.
Modified lookup_field() in django/contrib/admin/utils.py to retrieve the
final field from the path when traversing relations using LOOKUP_SEP (__),
allowing display_for_field() to properly handle BooleanFields.
|
|
This avoids two isinstance() calls per UUID value.
|
|
Replaced weak receiver registration in Signal.connect() to pass
_flag_dead_receivers directly as the callback for weakref.ref() and
weakref.WeakMethod() instead of creating weakref.finalize() objects.
This prevented finalizer accumulation in repeated weak
connect()/disconnect() cycles where receivers remain alive.
|
|
boundary conditions.
Follow-up to 352d860b9107adbcde0f1fe5d0fce8e9090a51e4.
Overriding USE_TZ=True during a test creates drift between the SQL compiled
for inserted values versus the deployed database default, as Extract() inquires
of the current timezone.
To resolve this, leave USE_TZ=False and make UTC explicit when asserting the result.
|
|
verify_release.sh.
This reuses the same download for both artifacts and checks both GPG
signature and minimal correctness in the same script. Docs and script
do_django_release.py were updated.
|
|
spatialreference.org has been redesigned, possibly in 2023 [1], and no longer uses Django, see repo [2].
[1] https://spatialreference.org/about.html
[2] https://github.com/OSGeo/spatialreference.org
|
|
streaming responses.
|
|
Fixed the EmailMessage.message() method signature in the docs to
reinforce that the `policy` argument is keyword-only. (The text already
describes it correctly as keyword-only.)
|
|
A TypeError is now raised if fail_silently=True, auth_user, or auth_password
are provided along a connection.
Updated AdminEmailHandler in django.utils.log to remove redundant
fail_silently=True.
Thanks Mike Edmunds for the report and Jacob Tyler Walls for the review.
|
|
This was causing permission errors on private forks, e.g. the one
maintained by the Security Team for staging security patches.
Follow-up to f8665b1a7ff5e98d84f66ad0e958c3f175aa5d8b.
|
|
Oracle.
|
|
|
|
|
|
AddField/AlterField docs.
|
|
|