summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-05-17Refs #32720 -- Fixed some broken links in docs.Nick Pope
2021-05-17Refs #32720 -- Used full hashes in security archive.Nick Pope
2021-05-17Corrected commit hashes for security patches.Mariusz Felisiak
2021-05-17Refs #32720 -- Used :commit: and :source: role in old release notes.Nick Pope
2021-05-14Refs #32317 -- Simplified find_fixtures() in loaddata command.William Schwartz
This always replaces 'fixture_name' with its base name, which preserves the previous behavior, because os.path.basename() was not called only on relative paths without os.path.sep i.e. when base name was equal to the file name. This also changes os.path.dirname() and os.path.basename() calls to the equivalent os.path.split() call.
2021-05-14Refs #32317 -- Cleaned up try/except blocks in loaddata command.William Schwartz
This moves code unable to trigger relevant exceptions outside of try/except blocks, and changes 'objects' to 'objects_in_fixture' which is equal to the length of 'objects'.
2021-05-14Fixed #32734 -- Fixed validation of startapp's directory with trailing slash.Rohith PR
Regression in fc9566d42daf28cdaa25a5db1b5ade253ceb064f.
2021-05-14Fixed #32721 -- Fixed migrations crash when adding namespaced spatial ↵snowman2
indexes on PostGIS.
2021-05-13Refs #32721 -- Made PostGISSchemaEditor._create_index_sql() call ↵snowman2
super()._create_index_sql().
2021-05-13Refs #16455 -- Added test for using opclasses on indexes for ↵Mariusz Felisiak
multidimensional geometry fields on PostGIS.
2021-05-13Added stub release notes for Django 3.2.4.Mariusz Felisiak
2021-05-13Fixed #32718 -- Relaxed file name validation in FileField.Mariusz Felisiak
- Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
2021-05-13Fixed #32717 -- Fixed filtering of querysets combined with the | operator.Simon Charette
Address a long standing bug in a Where.add optimization to discard equal nodes that was surfaced by implementing equality for Lookup instances in bbf141bcdc31f1324048af9233583a523ac54c94. Thanks Shaheed Haque for the report.
2021-05-13Fixed #32031 -- Added model class for each model to AdminSite.each_context().Raffaele Salmaso
2021-05-12Fixed #26721 -- Doc'd setting UTF-8 on Windows.David Smith
2021-05-12Fixed #32738 -- Deprecated django.utils.datetime_safe module.Nick Pope
2021-05-12Refs #32738 -- Added sanitize_strftime_format() to replace datetime_safe.Nick Pope
2021-05-12Refs #32738, Refs #29600, Refs #29595 -- Removed unused ↵Nick Pope
django.utils.datetime_safe.time(). Unused since c72dde41e603093ab0bb12fa24fa69cfda0d35f9.
2021-05-12Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection ↵Nick Pope
options in MySQL backend. The 'db' and 'passwd' connection options have been deprecated, use 'database' and 'password' instead (available since mysqlclient >= 1.3.8). This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12Fixed #32366 -- Updated datetime module usage to recommended approach.Nick Pope
- Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-12Refs #32366 -- Avoided use of datetime.utcnow() in the documentation.Nick Pope
2021-05-12Added extra assertion to ↵Nick Pope
migrations.test_writer.WriterTests.test_serialize_datetime. This checks that datetime.timezone.utc serializes correctly.
2021-05-12Fixed a typo in docs/ref/models/fields.txt.Nick Pope
datetime.date.utcnow() doesn't exist, should be .today().
2021-05-12Refs #32718 -- Corrected CVE-2021-31542 release notes.Mariusz Felisiak
2021-05-12Refs #24121 -- Added__repr__() to StaticNode.saeedblanchette
2021-05-12Fixed #32735 -- Made DateFormat.Y() return a zero-padded year.Nick Pope
2021-05-11Fixed #32722 -- Fixed comparing to TruncTime() on Oracle.Mariusz Felisiak
2021-05-07Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem.Jordi Castells
2021-05-07Fixed #32712 -- Deprecated django.utils.baseconv module.Hasan Ramezani
2021-05-07Fixed #32699 -- Fixed comparing to TruncTime() with 0 microseconds on MySQL.Alex Hill
2021-05-06Fixed typo in docs/internals/contributing/writing-documentation.txt.Nick Pope
2021-05-06Removed unused TestHashedFiles._max_post_process_passes.Mariusz Felisiak
Unused since f1894bae3071da4ee577fc40ae61491f3e03d82c
2021-05-06Added stub release notes for Django 3.2.3.Mariusz Felisiak
2021-05-06Added CVE-2021-32052 to security archive.Mariusz Felisiak
2021-05-06Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being ↵Mariusz Felisiak
accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4
2021-05-06Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows.Carlton Gibson
The validate_file_name() sanitation introduced in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3 correctly rejects the example file name as containing path elements on Windows. This breaks the test introduced in 914c72be2abb1c6dd860cb9279beaa66409ae1b2 to allow path components for storages that may allow them. Test is skipped pending a discussed storage refactoring to support this use-case.
2021-05-05Fixed #32705 -- Prevented database cache backend from checking .rowcount on ↵ecogels
closed cursor. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-05Fixed #32690 -- Fixed __in lookup crash when combining with filtered aggregates.Simon Charette
Having lookups group by subquery right-hand-sides is likely unnecessary in the first place but relatively large amount of work would be needed to achieve that such as making Lookup instances proper resolvable expressions. Regression in 35431298226165986ad07e91f9d3aca721ff38ec. Thanks James A. Munsch for the report.
2021-05-05Fixed #32479 -- Added fallbacks to subsequent language codes in translations.Maxim Beder
Thanks Claude Paroz and Nick Pope for reviews.
2021-05-05Fixed #32714 -- Prevented recreation of migration for Meta.ordering with ↵Simon Charette
OrderBy expressions. Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd. Thanks Kevin Marsh for the report.
2021-05-04Refs #32074 -- Removed usage of deprecated Thread.setDaemon().Karthikeyan Singaravelan
Thread.setDaemon() was deprecated in Python 3.10 and will be removed in Python 3.12.
2021-05-04Refs #32074 -- Used asyncio.get_running_loop() instead of get_event_loop().Mariusz Felisiak
Using asyncio.get_event_loop() when there is no running event loop was deprecated in Python 3.10, see https://bugs.python.org/issue39529.
2021-05-04Added commits for CVE-2021-31542 to security archive.Carlton Gibson
2021-05-04Added CVE-2021-31542 to security archive.Carlton Gibson
2021-05-04Added stub release notes for Django 3.2.2.Carlton Gibson
2021-05-04Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.Florian Apolloner
2021-05-04Fixed #32693 -- Quoted and lowercased generated column aliases.Hasan Ramezani
2021-05-04Fixed #32709 -- Corrected examples in django/utils/baseconv.py docstring.pythonwood
2021-04-30Added spelling option to make.bat.Susan Wright
2021-04-30Fixed #32653 -- Made quoting names in the Oracle backend consistent with ↵Mariusz Felisiak
db_table.