| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-05-17 | Refs #32720 -- Fixed some broken links in docs. | Nick Pope | |
| 2021-05-17 | Refs #32720 -- Used full hashes in security archive. | Nick Pope | |
| 2021-05-17 | Corrected commit hashes for security patches. | Mariusz Felisiak | |
| 2021-05-17 | Refs #32720 -- Used :commit: and :source: role in old release notes. | Nick Pope | |
| 2021-05-14 | Refs #32317 -- Simplified find_fixtures() in loaddata command. | William Schwartz | |
| This always replaces 'fixture_name' with its base name, which preserves the previous behavior, because os.path.basename() was not called only on relative paths without os.path.sep i.e. when base name was equal to the file name. This also changes os.path.dirname() and os.path.basename() calls to the equivalent os.path.split() call. | |||
| 2021-05-14 | Refs #32317 -- Cleaned up try/except blocks in loaddata command. | William Schwartz | |
| This moves code unable to trigger relevant exceptions outside of try/except blocks, and changes 'objects' to 'objects_in_fixture' which is equal to the length of 'objects'. | |||
| 2021-05-14 | Fixed #32734 -- Fixed validation of startapp's directory with trailing slash. | Rohith PR | |
| Regression in fc9566d42daf28cdaa25a5db1b5ade253ceb064f. | |||
| 2021-05-14 | Fixed #32721 -- Fixed migrations crash when adding namespaced spatial ↵ | snowman2 | |
| indexes on PostGIS. | |||
| 2021-05-13 | Refs #32721 -- Made PostGISSchemaEditor._create_index_sql() call ↵ | snowman2 | |
| super()._create_index_sql(). | |||
| 2021-05-13 | Refs #16455 -- Added test for using opclasses on indexes for ↵ | Mariusz Felisiak | |
| multidimensional geometry fields on PostGIS. | |||
| 2021-05-13 | Added stub release notes for Django 3.2.4. | Mariusz Felisiak | |
| 2021-05-13 | Fixed #32718 -- Relaxed file name validation in FileField. | Mariusz Felisiak | |
| - Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3. | |||
| 2021-05-13 | Fixed #32717 -- Fixed filtering of querysets combined with the | operator. | Simon Charette | |
| Address a long standing bug in a Where.add optimization to discard equal nodes that was surfaced by implementing equality for Lookup instances in bbf141bcdc31f1324048af9233583a523ac54c94. Thanks Shaheed Haque for the report. | |||
| 2021-05-13 | Fixed #32031 -- Added model class for each model to AdminSite.each_context(). | Raffaele Salmaso | |
| 2021-05-12 | Fixed #26721 -- Doc'd setting UTF-8 on Windows. | David Smith | |
| 2021-05-12 | Fixed #32738 -- Deprecated django.utils.datetime_safe module. | Nick Pope | |
| 2021-05-12 | Refs #32738 -- Added sanitize_strftime_format() to replace datetime_safe. | Nick Pope | |
| 2021-05-12 | Refs #32738, Refs #29600, Refs #29595 -- Removed unused ↵ | Nick Pope | |
| django.utils.datetime_safe.time(). Unused since c72dde41e603093ab0bb12fa24fa69cfda0d35f9. | |||
| 2021-05-12 | Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection ↵ | Nick Pope | |
| options in MySQL backend. The 'db' and 'passwd' connection options have been deprecated, use 'database' and 'password' instead (available since mysqlclient >= 1.3.8). This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL. | |||
| 2021-05-12 | Fixed #32366 -- Updated datetime module usage to recommended approach. | Nick Pope | |
| - Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp(). | |||
| 2021-05-12 | Refs #32366 -- Avoided use of datetime.utcnow() in the documentation. | Nick Pope | |
| 2021-05-12 | Added extra assertion to ↵ | Nick Pope | |
| migrations.test_writer.WriterTests.test_serialize_datetime. This checks that datetime.timezone.utc serializes correctly. | |||
| 2021-05-12 | Fixed a typo in docs/ref/models/fields.txt. | Nick Pope | |
| datetime.date.utcnow() doesn't exist, should be .today(). | |||
| 2021-05-12 | Refs #32718 -- Corrected CVE-2021-31542 release notes. | Mariusz Felisiak | |
| 2021-05-12 | Refs #24121 -- Added__repr__() to StaticNode. | saeedblanchette | |
| 2021-05-12 | Fixed #32735 -- Made DateFormat.Y() return a zero-padded year. | Nick Pope | |
| 2021-05-11 | Fixed #32722 -- Fixed comparing to TruncTime() on Oracle. | Mariusz Felisiak | |
| 2021-05-07 | Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem. | Jordi Castells | |
| 2021-05-07 | Fixed #32712 -- Deprecated django.utils.baseconv module. | Hasan Ramezani | |
| 2021-05-07 | Fixed #32699 -- Fixed comparing to TruncTime() with 0 microseconds on MySQL. | Alex Hill | |
| 2021-05-06 | Fixed typo in docs/internals/contributing/writing-documentation.txt. | Nick Pope | |
| 2021-05-06 | Removed unused TestHashedFiles._max_post_process_passes. | Mariusz Felisiak | |
| Unused since f1894bae3071da4ee577fc40ae61491f3e03d82c | |||
| 2021-05-06 | Added stub release notes for Django 3.2.3. | Mariusz Felisiak | |
| 2021-05-06 | Added CVE-2021-32052 to security archive. | Mariusz Felisiak | |
| 2021-05-06 | Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being ↵ | Mariusz Felisiak | |
| accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 | |||
| 2021-05-06 | Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows. | Carlton Gibson | |
| The validate_file_name() sanitation introduced in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3 correctly rejects the example file name as containing path elements on Windows. This breaks the test introduced in 914c72be2abb1c6dd860cb9279beaa66409ae1b2 to allow path components for storages that may allow them. Test is skipped pending a discussed storage refactoring to support this use-case. | |||
| 2021-05-05 | Fixed #32705 -- Prevented database cache backend from checking .rowcount on ↵ | ecogels | |
| closed cursor. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-05-05 | Fixed #32690 -- Fixed __in lookup crash when combining with filtered aggregates. | Simon Charette | |
| Having lookups group by subquery right-hand-sides is likely unnecessary in the first place but relatively large amount of work would be needed to achieve that such as making Lookup instances proper resolvable expressions. Regression in 35431298226165986ad07e91f9d3aca721ff38ec. Thanks James A. Munsch for the report. | |||
| 2021-05-05 | Fixed #32479 -- Added fallbacks to subsequent language codes in translations. | Maxim Beder | |
| Thanks Claude Paroz and Nick Pope for reviews. | |||
| 2021-05-05 | Fixed #32714 -- Prevented recreation of migration for Meta.ordering with ↵ | Simon Charette | |
| OrderBy expressions. Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd. Thanks Kevin Marsh for the report. | |||
| 2021-05-04 | Refs #32074 -- Removed usage of deprecated Thread.setDaemon(). | Karthikeyan Singaravelan | |
| Thread.setDaemon() was deprecated in Python 3.10 and will be removed in Python 3.12. | |||
| 2021-05-04 | Refs #32074 -- Used asyncio.get_running_loop() instead of get_event_loop(). | Mariusz Felisiak | |
| Using asyncio.get_event_loop() when there is no running event loop was deprecated in Python 3.10, see https://bugs.python.org/issue39529. | |||
| 2021-05-04 | Added commits for CVE-2021-31542 to security archive. | Carlton Gibson | |
| 2021-05-04 | Added CVE-2021-31542 to security archive. | Carlton Gibson | |
| 2021-05-04 | Added stub release notes for Django 3.2.2. | Carlton Gibson | |
| 2021-05-04 | Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. | Florian Apolloner | |
| 2021-05-04 | Fixed #32693 -- Quoted and lowercased generated column aliases. | Hasan Ramezani | |
| 2021-05-04 | Fixed #32709 -- Corrected examples in django/utils/baseconv.py docstring. | pythonwood | |
| 2021-04-30 | Added spelling option to make.bat. | Susan Wright | |
| 2021-04-30 | Fixed #32653 -- Made quoting names in the Oracle backend consistent with ↵ | Mariusz Felisiak | |
| db_table. | |||
