summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2025-01-14Refs #36075 -- Adjusted pk_fields usage in bulk_update eligibility checks.Simon Charette
Regression in bf7b17d16d3978b2e1cee4a0f7ce8840bd1a8dc4. Thanks Sage Abdullah for the report.
2025-01-14Fixed #36093 -- Adjusted unique checks to account for inherited primary keys.Simon Charette
Regression in bf7b17d16d3978b2e1cee4a0f7ce8840bd1a8dc4 refs #36075. Thanks Sage Abdullah for the report and tests.
2025-01-14Fixed #36075 -- Documented how to introspect composite primary keys.Simon Charette
Document _meta.pk_fields and interactions between Field.primary_key and CompositePrimaryKey. Thanks Mariusz for the review.
2025-01-14Added CVE-2024-56374 to security archive.Natalia
2025-01-14Added stub release notes for 5.1.6.Natalia
2025-01-14Fixed CVE-2024-56374 -- Mitigated potential DoS in IPv6 validation.Michael Manfre
Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz Felisiak for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-01-14Made cosmetic edits to 5.1.5 release notes.Natalia
2025-01-13Refs #35844 -- Removed unnecessary ArgumentParser.add_argument_group()'s ↵Mariusz Felisiak
prefix_chars argument. The `prefix_chars` argument is deprecated since https://github.com/python/cpython/commit/7b04496e5c7ed47e9653f4591674fc9ffef34587.
2025-01-13Fixed #36087 -- Supported password reset on a custom user model with a ↵Sarah Boyce
composite primary key.
2025-01-13Fixed #36092 -- Disallowed non-local fields in composite primary keys.Bendeguz Csirmaz
2025-01-13Refs #36075 -- Used field in pk_fields over field.primary_key.Sarah Boyce
2025-01-13Fixed #36077 -- Corrected docs on pk value where Model.save() executes an ↵Jacob Walls
UPDATE. The empty string is no longer special-cased since c2ba59fc1da5287d6286e2c2aca4083d5bafe056.
2025-01-13Refs #36050 -- Fixed OuterRef support for CompositePrimaryKey on Oracle.Simon Charette
Oracle doesn't support native tuple comparison so each as_oracle implementation of tuple lookups must also perform right-hand-side sanitization.
2025-01-13Fixed #36086 -- Fixed crash when using GeneratedField with non-AutoField pk.Simon Charette
The previous logic was systematically attempting to retrieve last_insert_id even for models without an AutoField primary key when they had a GeneratedField on backends that can't return columns from INSERT. The issue affected MySQL, SQLite < 3.35, and Oracle when the use_returning_into option was disabled and could result in either crashes when the non-auto primary key wasn't an IntegerField subclass or silent misassignment of bogus insert ids (0 or the previous auto primary key insert value) to the first defined generated field value.
2025-01-13Refs #373 -- Adjusted test allowing AutoField in composite primary keys.Simon Charette
This is not a properly supported feature yet and should be revisited by refs #35957.
2025-01-13Refs #373 -- Removed unused composite pk code in SQLInsertCompiler.Simon Charette
This logic could only be exercised if the composite primary key included an AutoField but it's not allowed yet (refs #35957). It was also slightly broken as it expected the AutoField to always be the first member of returning_fields.
2025-01-10Fixed #36050 -- Added OuterRef support to CompositePrimaryKey.Bendeguz Csirmaz
2025-01-10Fixed #36032 -- Rendered URLField values as links in the admin.antoliny0919
2025-01-10Fixed #36064 -- Skipped an UPDATE when adding a model instance with a ↵Bendeguz Csirmaz
composite primary key with default values.
2025-01-10Refs #36064 -- Added test that falsey primary key default/db_default value ↵Bendeguz Csirmaz
skips an update query on save. This adds test coverage for logic change in 9fa4d07ce0729850661a31a6b37c6b48f13d2266.
2025-01-10Refs #36064 -- Added Model.has_db_default() to encapsulate NOT_PROVIDED checks.Simon Charette
This avoids many awkward checks against NOT_PROVIDED and provides symmetry with Field.has_default() which is also the reason why it wasn't made a property.
2025-01-10Fixed #36068 -- Raised ValueError when providing a composite PK field to ↵Jacob Walls
bulk_create() update_fields.
2025-01-09Fixed #36074 -- Excluded composite primary key fields on save() updates.Simon Charette
2025-01-09Fixed #35515 -- Added automatic model imports to shell management command.Salvo Polizzi
Thanks to Bhuvnesh Sharma and Adam Johnson for mentoring this Google Summer of Code 2024 project. Thanks to Sarah Boyce, David Smith, Jacob Walls and Natalia Bidart for reviews.
2025-01-09Fixed #35940 -- Disabled SelectFilter add/remove buttons when appropriate.Brock
2025-01-08Fixed #36063 -- Made a FileField navigate to the object admin change page ↵antoliny0919
when in list_display_links.
2025-01-08Fixed #36062 -- Handled serialization of CompositePrimaryKeys.Sarah Boyce
2025-01-08Fixed #35999 -- Removed #django IRC channel references where appropriate.Sarah Boyce
Some references are replaced with links to the Django Discord server.
2025-01-08Strengthened wording on supported Python versions in FAQ.Carlton Gibson
2025-01-08Fixed #36065 -- Fixed ordering by expression referencing composite primary key.Simon Charette
Thanks Jacob Walls for the report and test and Csirmaz Bendegúz for the review.
2025-01-08Refs #36065 -- Extracted composite primary key order by tests.Simon Charette
2025-01-08Fixed #36014 -- Supported international domains in EmailValidator.Chaitanya Rahalkar
2025-01-07Added stub release notes and release date for 5.1.5, 5.0.11, and 4.2.18.Natalia
2025-01-07Fixed typo in tutorial 5.Clifford Gama
2025-01-07Refs #36042 -- Raised ValueError when providing composite expressions to ↵Jacob Walls
aggregates.
2025-01-07Fixed #36042 -- Raised ValueError when using CompositePrimaryKey as rhs.Jacob Walls
2025-01-07Fixed #36023 -- Handled controls chars in content_disposition_header.Alex Vandiver
To use the simple `filename="..."` form, the value must conform to the official grammar from RFC6266[^1]: filename-parm = "filename" "=" value value = <value, defined in [RFC2616], Section 3.6> ; token | quoted-string The `quoted-string` definition comes from RFC 9110[^2]: ``` quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE qdtext = HTAB / SP / %x21 / %x23-5B / %x5D-7E / obs-text The backslash octet ("\") can be used as a single-octet quoting mechanism within quoted-string and comment constructs. Recipients that process the value of a quoted-string MUST handle a quoted-pair as if it were replaced by the octet following the backslash. quoted-pair = "\" ( HTAB / SP / VCHAR / obs-text ) A sender SHOULD NOT generate a quoted-pair in a quoted-string except where necessary to quote DQUOTE and backslash octets occurring within that string. ``` That is, quoted strings are able to express horizontal tabs, space characters, and everything in the range from 0x21 to 0x7e, expect for 0x22 (`"`) and 0x5C (`\`), which can still be expressed but must be escaped with their own `\`. We ignore the case of `obs-text`, which is defined as the range 0x80-0xFF, since its presence is there for permissive parsing of accidental high-bit characters, and it should not be generated by conforming implementations. Transform this character range into a regex and apply it in addition to the "is ASCII" check. This ensures that all simple filenames are expressed in the simple format, and that all filenames with newlines and other control characters are properly expressed with the percent-encoded `filename*=...`form. [^1]: https://datatracker.ietf.org/doc/html/rfc6266#section-4.1 [^2]: https://datatracker.ietf.org/doc/html/rfc9110#name-quoted-strings
2025-01-06Fixed #35718 -- Add JSONArray to django.db.models.functions.John Parton
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2025-01-06Refs #35444 -- Deprecated contrib.postgres aggregates ordering for order_by.Chris Muthig
Aligns the argument with SQL standards already used in Window.order_by and sets up for adding support to Aggregate.
2025-01-06Fixed #36048 -- Preferred ValueError to NotSupportedError for composite pk ↵Jacob Walls
sanity checks. These checks are not backend-dependent.
2025-01-04Fixed #36057 -- Enabled test runner to debug chained exceptions with `--pdb` ↵Adam Johnson
on Python 3.13+.
2025-01-04Fixed #36056 -- Made OutputWrapper a virtual subclass of TextIOBase.Adam Johnson
This fixes the ignored exception in self._out.flush() from django.core.management.base.OutputWrapper: `ValueError: I/O operation on closed file.`
2025-01-03Removed stray comment in ArrayField.check().Tim Graham
2025-01-03Fixed #36052 -- Supported CompositePrimaryKey in inspectdb.Jacob Walls
2025-01-03Fixed #35918 -- Added support for execute_sql to directly return row counts.Raphael Gaschignard
2025-01-03Fixed #36026 -- Clarified that View.setup() sets the request, args, kwargs ↵Chaitanya Rahalkar
attributes.
2025-01-03Fixed #35414 -- Used default headers in AsyncRequestFactory.YashRaj1506
2025-01-03Fixed #35740 -- Fixed FileFieldStorageTests.test_extended_length_storage ↵YashRaj1506
when using bcachefs. PC_NAME_MAX on bcachefs is 512, which was greater than the file field max_length.
2025-01-03Fixed #36029 -- Handled implicit exact lookups in condition depth checks for ↵Jacob Walls
FilteredRelation.
2025-01-02Added missing test for QuerySet.delete() when raising EmptyResultSet.Tim Graham