Age | Commit message | Author
2025-06-16 | Fixed #36380 -- Deferred SQL formatting when running tests with --debug-sql. | Natalia
Thanks to Jacob Walls for the report and previous iterations of this fix, to Simon Charette for the logging formatter idea, and to Tim Graham for testing and ensuring that 3rd party backends remain compatible. This partially reverts d8f093908c504ae0dbc39d3f5231f7d7920dde37. Refs #36112, #35448. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-06-16 | Fixed #36453 -- Made When.condition resolve with for_save=False. | Clifford Gama
Value(None, JSONField()) when used in When.condition incorrectly resolved with for_save=True, resulting in the value being serialized as SQL NULL instead of JSON null. Regression in c1fa3fdd040718356e5a3b9a0fe699d73f47a940. Thanks to Thomas McKay for the report, and to David Sanders and Simon Charette for the review. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2025-06-16 | Fixed #36447 -- Selected preferred media type based on quality. | Jake Howard
When matching which entry in the `Accept` header should be used for a given media type, the specificity matters. However once those are resolved, only the quality matters when selecting preference. Regression in c075508b4de8edf9db553b409f8a8ed2f26ecead. Thank you to Anders Kaseorg for the report.
2025-06-13 | Corrected jsonfield fieldlookup references. | Sarah Boyce
2025-06-13 | Fixed #36433 -- Fixed constraint validation crash when condition uses a ForeignKey attname. | Colleen Dunlap
Regression in e44e8327d3d88d86895735c0e427102063ff5b55. Thank you to Jacob Walls for the report. Co-authored-by: Simon Charette <charette.s@gmail.com>
2025-06-13 | Refs #35676 -- Added supports_table_check_constraints skip to model_forms tests. | Tim Graham
2025-06-12 | Fixed #25706 -- Refactored geometry widgets to remove inline JavaScript. | Claude Paroz
Refactored GIS-related JavaScript initialization to eliminate inline scripts from templates. Added support for specifying a base layer using the new `base_layer_name` attribute on `BaseGeometryWidget`, allowing custom map tile providers via user-defined JavaScript. As a result, the `gis/openlayers-osm.html` template was removed. Thanks Sarah Boyce for reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-06-12 | Fixed #36463 -- Fixed grammar in docs/intro/contributing.txt. | Sulove Bista
2025-06-12 | Fixed #36454 -- Fixed typo in docs/intro/tutorial08.txt. | ruvilonix
2025-06-12 | Fixed #36442 -- Cloned FilteredRelation before rename_prefix_from_q. | viliam mihalik
2025-06-11 | Made minor grammar and punctuation fixes in docs/topics/migrations.txt. | Clifford Gama
2025-06-11 | Removed default value for app_configs in system check functions. | Adam Johnson
The documentation[0] encourages users to write functions without a default for `app_configs`, and checks are always passed the argument. [0] https://docs.djangoproject.com/en/5.2/topics/checks/
2025-06-11 | Fixed #36421 -- Made test_msgfmt_error_including_non_ascii compatible with msgfmt 0.25. | Jericho Serrano
2025-06-11 | Fixed #36425 -- Standardized integer fields descriptions. | junghwan16
2025-06-10 | Added follow-up to CVE-2025-48432 to security archive. | Sarah Boyce
2025-06-10 | Added stub release notes for 5.2.4. | Sarah Boyce
2025-06-10 | Fixed #36448 -- Fixed GeoDjango spelling in test_commands.py docstrings. | nakano
2025-06-10 | Refs #373 -- Doc'd that on_delete is ignored for ForeignObject. | Jacob Walls
2025-06-10 | Fixed #36449 -- Fixed field types in example model using ForeignObject. | Jacob Walls
2025-06-10 | Refs #36419 -- Fixed BulkUpdateTests.test_json_field_sql_null() crash on Oracle. | Mariusz Felisiak
Follow up to c1fa3fdd040718356e5a3b9a0fe699d73f47a940.
2025-06-09 | Refs #34378, #36143, #36416 -- Fixed isolation of LookupTests.test_in_bulk_preserve_ordering_with_batch_size(). | Jacob Walls
`max_query_params` is a property, so it must be patched on the class.
2025-06-09 | Fixed #36446 -- Restored "q" in internal MediaType.params property. | Natalia
The "q" key was removed while addressing ticket #36411. Despite `MediaType.params` being undocumented and considered internal, it was used in third-party projects (Zulip reported breakage), so this work restored the `q` key in `params`. Thanks Anders Kaseorg for the report. Regression in c075508b4de8edf9db553b409f8a8ed2f26ecead.
2025-06-09 | Refs #10785 -- Added missing __hash__() method to custom pk test model. | Jacob Walls
2025-06-06 | Fixed #36419 -- Ensured for_save was propagated when resolving expressions. | Clifford Gama
The for_save flag wasn't properly propagated when resolving expressions, which prevented get_db_prep_save() from being called in some cases. This affected fields like JSONField where None would be saved as JSON null instead of SQL NULL. Regression in 00c690efbc0b10f67924687f24a7b30397bf47d9. Thanks to David Sanders and Simon Charette for reviews. Co-authored-by: Adam Johnson <me@adamj.eu>
2025-06-06 | Refs CVE-2025-48432 -- Prevented log injection in remaining response logging. | Jake Howard
Migrated remaining response-related logging to use the `log_response()` helper to avoid potential log injection, to ensure untrusted values like request paths are safely escaped. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-06-06 | Refs CVE-2025-48432 -- Made SuspiciousOperation logging use log_response() for consistency. | Natalia
2025-06-06 | Refactored logging_tests to reuse assertions for log records. | Natalia
2025-06-06 | Updated translations from Transifex. | Sarah Boyce
Forwardport of 5901cfe591139b4389171ba738be81e8f4d5cfc9 from stable/5.2.x.
2025-06-05 | Added validation to BaseSpatialFeatures.has_<Func>_function. | Tim Graham
2025-06-05 | Fixed #36435 -- Made CaptureQueriesContext restore reset_queries conditionally. | Adam Johnson
2025-06-05 | Refs #36435 -- Tidied tests for CaptureQueriesContext and assertNumQueries. | Adam Johnson
Avoided repeatedly templating the URL and hoisted Person creation to setUpTestData in AssertNumQueriesContextManagerTests to repeat the same pattern as in CaptureQueriesContextManagerTests.
2025-06-05 | Fixed #36407 -- Ensured default value is cast in Case expressions used in ORDER BY clause. | ontowhee
Thanks to deceze for the report. Thanks to Sarah Boyce for the test. Thanks to Simon Charette for the investigation and review.
2025-06-04 | Added CVE-2025-48432 to security archive. | Natalia
2025-06-04 | Added stub release notes for 5.2.3. | Natalia
2025-06-04 | Fixed CVE-2025-48432 -- Escaped formatting arguments in `log_response()`. | Natalia
Suitably crafted requests containing a CRLF sequence in the request path may have allowed log injection, potentially corrupting log files, obscuring other attacks, misleading log post-processing tools, or forging log entries. To mitigate this, all positional formatting arguments passed to the logger are now escaped using "unicode_escape" encoding. Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report. Co-authored-by: Carlton Gibson <carlton@noumenal.es> Co-authored-by: Jake Howard <git@theorangeone.net>
2025-06-04 | Fixed #36432 -- Fixed a prefetch_related crash on related target subclass queryset. | Simon Charette
Regression in 626d77e52a3f247358514bcf51c761283968099c. Refs #36116. Thanks Cornelis Poppema for the excellent report.
2025-06-03 | Fixed #36411 -- Made HttpRequest.get_preferred_type() consider media type parameters. | Jake Howard
HttpRequest.get_preferred_type() did not account for parameters in Accept header media types (e.g., "text/vcard; version=3.0"). This caused incorrect content negotiation when multiple types differed only by parameters, reducing specificity as per RFC 7231 section 5.3.2 (https://datatracker.ietf.org/doc/html/rfc7231.html#section-5.3.2). This fix updates get_preferred_type() to treat media types with parameters as distinct, allowing more precise and standards-compliant matching. Thanks to magicfelix for the report, and to David Sanders and Sarah Boyce for the reviews.
2025-06-03 | Fixed #36416 -- Made QuerySet.in_bulk() account for composite pks in id_list. | Jacob Walls
2025-06-03 | Fixed #36060 -- Prevented IntegrityError in bulk_create() with order_with_respect_to. | myoungjinGo-BE
2025-06-02 | Fixed #36423 -- Prevented filter_horizontal buttons from intercepting form submission. | Blayze
In the admin's filter_horizontal widget, optional action buttons like "Choose all", "Remove all", etc. were changed from `<a>` to `<button>` elements in #34619, but without specifying `type="button"`. As a result, when pressing Enter while focused on a form input, these buttons could be triggered and intercept form submission. Explicitly set `type="button"` on these control buttons to prevent them from acting as submit buttons. Thanks Antoliny Lee for the quick triage and review. Regression in 857b1048d53ebf5fc5581c110e85c212b81ca83a.
2025-05-28 | Added stub release notes and release date for 5.2.2, 5.1.10, and 4.2.22. | Natalia
2025-05-27 | Removed redundant redefinition of variable in tests/test_utils/tests.py. | Clifford Gama
2025-05-27 | Removed unreachable check for None in TruncBase.convert_value(). | Tim Graham
2025-05-26 | Fixed #36402, Refs #35980 -- Updated built package name in reusable apps tutorial for PEP 625. | Jason Judkins
2025-05-23 | Fixed flakiness in file_storage.tests.CustomStorageTests.test_file_get_accessed_time. | Nick Pope
Two separate calls to look up access time can result in sub-second differences which cause the test to fail. Also made the equivalent tests for ctime and mtime have the same changes to ensure that they won't flake in the same way in future.
2025-05-23 | Fixed #36405 -- Fixed Aggregate.order_by using OuterRef. | Adam Johnson
co-authored-by: Simon Charette <charette.s@gmail.com>
2025-05-23 | Fixed #36404 -- Fixed Aggregate.filter using OuterRef. | Adam Johnson
Regression in a76035e925ff4e6d8676c65cb135c74b993b1039. Thank you to Simon Charette for the review. co-authored-by: Simon Charette <charette.s@gmail.com>
2025-05-23 | Fixed typo in docs/ref/forms/renderers.txt. | Adam Zapletal
2025-05-23 | Refs #35444 -- Adjusted multi-args distinct aggregate test ordering expectations. | Simon Charette
Unless an explicit order_by is specified for the test the ordering of the aggregation results is undefined.
2025-05-23 | Fixed #36390 -- Deprecated RemoteUserMiddleware subclasses missing aprocess_request(). | Sarah Boyce
Regression in 50f89ae850f6b4e35819fe725a08c7e579bfd099. Thank you to shamoon for the report and Natalia Bidart for the review.