| Age | Commit message | Author | |
|---|---|---|---|
| 2026-04-27 | Fixed #36901 -- Centralized auth timing attack mitigations. | afenoum | |
| Thank you Mar Bartolome and Tim Schilling for reviews. | |||
| 2026-04-24 | Fixed #36542 -- Marked authenticate() with @sensitive_variables() decorator. | KANIN KEARPIMY | |
| Thanks Olivier Dalang, Tim McCurrach, Sarah Boyce, and Mar Bartolome for reviews. | |||
| 2026-04-07 | Fixed #37021 -- Added Permission.user_perm_str property. | mariatta | |
| For use in checking user permissions via has_perm(). Co-authored-by: 사재혁 <jaehyuck.sa.dev@gmail.com> | |||
| 2026-04-02 | Fixed #37017 -- Fixed setting or clearing of request.user after alogin/alogout(). | Jacob Walls | |
| Regression in 31a43c571f4d036827d4fd7a5f615591637dc1be. | |||
| 2026-02-27 | Fixed #27489 -- Renamed permissions upon model renaming in migrations. | Artyom Kotovskiy | |
| Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> | |||
| 2026-02-27 | Fixed #34643 -- Moved inputs beneath labels and errors in admin forms. | antoliny0919 | |
| Thanks Sarah Boyce and Jacob Walls for reviews. Co-authored-by: Hrushikesh Vaidya <hrushikeshrv@gmail.com> | |||
| 2026-02-10 | Fixed #36903 -- Fixed further NameErrors when inspecting functions with deferred annotations. | 93578237 | |
| Provide a wrapper for safe introspection of user functions on Python 3.14+. Follow-up to 601914722956cc41f1f2c53972d669ddee6ffc04. | |||
| 2026-02-03 | Fixed CVE-2025-13473 -- Standardized timing of check_password() in mod_wsgi auth handler. | Jake Howard | |
| Refs CVE-2024-39329, #20760. Thanks Stackered for the report, and Jacob Walls and Markus Holtermann for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2026-01-31 | Refs #34118 -- Removed asgiref coroutine detection shims. | Jacob Walls | |
| As Python 3.12 is now the floor, we can drop the shims and use the `inspect` module. | |||
| 2026-01-05 | Fixed #36843, #36793 -- Reverted "Fixed #27489 -- Renamed permissions upon model renaming in migrations." | Jacob Walls | |
| This reverts commits f02b49d2f3bf84f5225de920ca510149f1f9f1da and 6e89271a8507fe272d11814975500a1b40303a04. | |||
| 2025-12-02 | Updated translations from Transifex. | Natalia | |
| Forwardport of 00575b79312c719a6b37035067095e2d679bb5d7 from stable/6.0.x. | |||
| 2025-11-12 | Fixed #36717 -- Redirect authenticated users on admin login view to next URL. | Benedict Etzel | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2025-11-05 | Fixed #36709 -- Included static methods in system check for UserModel.is_anonymous/is_authenticated methods. | Harsh Jain | |
| 2025-10-14 | Refs #31223 -- Added __class_getitem__() to SetPasswordMixin. | Thibaut Decombe | |
| 2025-09-18 | Updated translations from Transifex. | Natalia | |
| Forwardport of 2a2936c3e6444a0f37156773ca405cedaf28dea7 from stable/5.2.x. | |||
| 2025-09-17 | Increased the default PBKDF2 iterations for Django 6.1. | Jacob Walls | |
| 2025-09-17 | Refs #36390 -- Removed support for RemoteUserMiddleware subclasses missing aprocess_request(). | Jacob Walls | |
| Per deprecation timeline. | |||
| 2025-09-17 | Refs #35530 -- Removed request.user or auser() fallback in auth.login and auth.alogin. | Jacob Walls | |
| Per deprecation timeline. | |||
| 2025-09-15 | Refs #27489 -- Made RenamePermission() operation respect database. | David Sanders | |
| Regression in f02b49d2f3bf84f5225de920ca510149f1f9f1da. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2025-09-11 | Fixed #36603 -- Optimized check order in LoginRequiredMiddleware. | Adam Johnson | |
| 2025-08-27 | Fixed #36572 -- Revert "Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest()." | Sarah Boyce | |
| This reverts commit 0246f478882c26bc1fe293224653074cd46a90d0. | |||
| 2025-08-25 | Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest(). | SaJH | |
| Signed-off-by: SaJH <wogur981208@gmail.com> | |||
| 2025-08-22 | Refs #35530 -- Corrected deprecation message in auth.alogin(). | Mariusz Felisiak | |
| Follow up to ceecd518b19044181a3598c55ebed7c2545963cc. | |||
| 2025-08-20 | Refs #35303 -- Made small optimizations in alogout() and aget_user(). | Mariusz Felisiak | |
| In alogout(), there is no need to check the is_authenticated attribute when user is None. In aget_user(), there is no need to call get_session_auth_hash() twice. Follow up to 50f89ae850f6b4e35819fe725a08c7e579bfd099. | |||
| 2025-08-20 | Fixed #36561 -- Used request.auser() in contrib.auth.aupdate_session_auth_hash(). | Xinyi Rong | |
| 2025-08-19 | Fixed #27489 -- Renamed permissions upon model renaming in migrations. | Artyom Kotovskiy | |
| 2025-08-08 | Fixed #36540 -- Updated request.auser() in contrib.auth.alogin() and contrib.auth.alogout(). | Xinyi Rong | |
| 2025-07-31 | Fixed #36439 -- Optimized acheck_password by using sync_to_async on verify_password. | Roel Delos Reyes | |
| 2025-07-23 | Refs #36500 -- Rewrapped long docstrings and block comments via a script. | django-bot | |
| Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. | |||
| 2025-07-23 | Refs #36500 -- Shortened some long docstrings and comments. | Mike Edmunds | |
| Manually reformatted some long docstrings and comments that would be damaged by the to-be-applied autofixer script, in cases where editorial judgment seemed necessary for style or wording changes. | |||
| 2025-07-23 | Removed double spaces after periods and within phrases. | Sarah Boyce | |
| 2025-07-22 | Standardized how method_decorator is used in contrib.auth views and admin. | Claude Paroz | |
| Updated django.contrib.auth's views and admin modules to apply decorators consistently. | |||
| 2025-07-22 | Fixed #36226 -- Accepted str or bytes for password and salt in password hashers. | Roel Delos Reyes | |
| Co-authored-by: Screamadelica <1621456391@sjtu.edu.cn> | |||
| 2025-06-11 | Removed default value for app_configs in system check functions. | Adam Johnson | |
| The documentation[0] encourages users to write functions without a default for `app_configs`, and checks are always passed the argument. [0] https://docs.djangoproject.com/en/5.2/topics/checks/ | |||
| 2025-06-06 | Updated translations from Transifex. | Sarah Boyce | |
| Forwardport of 5901cfe591139b4389171ba738be81e8f4d5cfc9 from stable/5.2.x. | |||
| 2025-05-23 | Fixed #36390 -- Deprecated RemoteUserMiddleware subclasses missing aprocess_request(). | Sarah Boyce | |
| Regression in 50f89ae850f6b4e35819fe725a08c7e579bfd099. Thank you to shamoon for the report and Natalia Bidart for the review. | |||
| 2025-04-23 | Simplified UserManager.with_perm() by using get_backends(). | Bona Fide IT GmbH | |
| 2025-04-17 | Fixed #35959 -- Displayed password reset button in admin only when user has sufficient permissions. | Sarah Boyce | |
| This change ensures that the "Reset password" button in the admin is shown only when the user has the necessary permission to perform a password change operation. It reuses the password hashing rendering logic in `display_for_field` to show the appropriate read-only widget for users with view-only access. | |||
| 2025-04-17 | Refs #35959 -- Added render_password_as_hash auth template tag for password rendering. | Sarah Boyce | |
| 2025-04-17 | Fixed #36314 -- Fixed MinimumLengthValidator error message translation. | Ahmed Nassar | |
| Regression in ec7d69035a408b357f1803ca05a7c991cc358cfa. Thank you Gabriel Trouvé for the report and Claude Paroz for the review. | |||
| 2025-03-31 | Refs #28909 -- Simplified code using unpacking generalizations. | Aarni Koskela | |
| 2025-03-31 | Updated translations from Transifex. | Sarah Boyce | |
| Forwardport of cc31b389a11559396fc039511c0dc567d9ade469 from stable/5.2.x. | |||
| 2025-03-27 | Fixed #34917 -- Underlined links in the main content area of the admin. | antoliny0919 | |
| 2025-03-19 | Updated source translation catalogs. | Mariusz Felisiak | |
| Forwardport of d2b1ec551567c208abfdd21b27ff6d08ae1a6371 from stable/5.2.x | |||
| 2025-02-18 | Fixed #36179 -- Unhexed entries and removed duplicates in auth/common-passwords.txt.gz. | mimi89999 | |
| 2025-02-01 | Fixed #36140 -- Allowed BaseUserCreationForm to define non required password fields. | nessita | |
| Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks buffgecko12 for the report and Sarah Boyce for the review. | |||
| 2025-01-15 | Increased the default PBKDF2 iterations for Django 6.0. | Sarah Boyce | |
| 2025-01-15 | Refs #35060 -- Removed passing positional arguments to Model.save()/asave() per deprecation timeline. | Sarah Boyce | |
| 2025-01-15 | Refs #22569 -- Made request required in ModelAdmin.lookup_allowed() per deprecation timeline. | Sarah Boyce | |
| 2025-01-13 | Fixed #36087 -- Supported password reset on a custom user model with a composite primary key. | Sarah Boyce | |
