summaryrefslogtreecommitdiff
path: root/django/core/cache/backends
AgeCommit message (Collapse)Author
2026-03-03Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions on file ↵Natalia
system object creation. This fix introduces `safe_makedirs()` in the `os` utils as a safer alternative to `os.makedirs()` that avoids umask-related race conditions in multi-threaded environments. This is a workaround for https://github.com/python/cpython/issues/86533 and the solution is based on the fix being proposed for CPython. Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Zackery Spytz <zspytz@gmail.com> Refs CVE-2020-24583 and #31921. Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and Shai Berger for reviews.
2026-02-03Fixed #36879 -- Identified Django client in Redis client metadata.ar3ph
2025-12-19Fixed #36590 -- Made async cache methods use specialized sync versions if ↵eevelweezel
available. Thanks Simon Charette, Sarah Boyce, and Jacob Walls for reviews.
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-07-23Refs #36500 -- Shortened some long docstrings and comments.Mike Edmunds
Manually reformatted some long docstrings and comments that would be damaged by the to-be-applied autofixer script, in cases where editorial judgment seemed necessary for style or wording changes.
2025-07-23Removed double spaces after periods and within phrases.Sarah Boyce
2025-03-05Clarified cryptic comment in django/core/cache/backends/redis.py.Tim Graham
2025-03-01Applied Black's 2025 stable style.Mariusz Felisiak
https://github.com/psf/black/releases/tag/25.1.0
2025-02-18Refs #36005 -- Used datetime.UTC alias instead of datetime.timezone.utc.Mariusz Felisiak
datetime.UTC was added in Python 3.11.
2024-10-28Refs #34900 -- Removed usage of deprecated glob.glob1().earthyoung
2023-06-28Fixed #34681 -- Optimized memcache_key_warnings().Adam Johnson
2023-02-01Refs #33476 -- Applied Black's 2023 stable style.David Smith
Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0
2023-01-18Refs #34233 -- Used str.removeprefix()/removesuffix().Mariusz Felisiak
2023-01-18Fixed #34233 -- Dropped support for Python 3.8 and 3.9.Mariusz Felisiak
2022-12-16Fixed #34212 -- Made RedisCacheClient.incr() use write connection.Leo
Co-authored-by: Sin-Woo Bang <sinwoobang@gmail.com>
2022-12-13Fixed #34209 -- Prevented FileBasedCache.has_key() crash caused by a race ↵Marti Raudsepp
condition.
2022-07-06Fixed #33826 -- Fixed RedisCache.set_many()/delete_many() crash with an ↵Christos Kopanos
empty list.
2022-07-06Used list comprehensions in RedisCache.delete_many().Christos Kopanos
2022-05-16Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a connection pool.Mariusz Felisiak
Thanks Ben Picolo for the report.
2022-03-24Refs #32365 -- Removed internal uses of utils.timezone.utc alias.Carlton Gibson
Remaining test case ensures that uses of the alias are mapped canonically by the migration writer.
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-01-13Refs #29708 -- Stopped inheriting from PickleSerializer by RedisSerializer.Adam Johnson
2021-12-14Fixed #33361 -- Fixed Redis cache backend crash on booleans.Jeremy Lainé
2021-12-09Fixed #33340 -- Fixed unquoted column names in queries used by DatabaseCache.Arsa
2021-10-12Fixed #28401 -- Allowed hashlib.md5() calls to work with FIPS kernels.Ade Lee
md5 is not an approved algorithm in FIPS mode, and trying to instantiate a hashlib.md5() will fail when the system is running in FIPS mode. md5 is allowed when in a non-security context. There is a plan to add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether or not the instance is being used in a security context. In the case where it is not, the instantiation of md5 will be allowed. See https://bugs.python.org/issue9216 for more details. Some downstream python versions already support this parameter. To support these versions, a new encapsulation of md5() has been added. This encapsulation will pass through the usedforsecurity parameter in the case where the parameter is supported, and strip it if it is not. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-09-20Refs #32193 -- Removed MemcachedCache per deprecation timeline.Mariusz Felisiak
2021-09-14Fixed #33012 -- Added Redis cache backend.Daniyal
Thanks Carlton Gibson, Chris Jerdonek, David Smith, Keryn Knight, Mariusz Felisiak, and Nick Pope for reviews and mentoring this Google Summer of Code 2021 project.
2021-09-07Fixed #32076 -- Added async methods to BaseCache.Andrew-Chen-Wang
This also makes DummyCache async-compatible.
2021-09-07Fixed #33060 -- Added BaseCache.make_and_validate_key() hook.Nick Pope
This helper function reduces the amount of duplicated code and makes it easier to ensure that we always validate the keys.
2021-09-07Refs #33060 -- Ensured cache backends validate keys.Nick Pope
The validate_key() function should be called after make_key() to ensure that the validation is performed on the key that will actually be stored in the cache. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-09-03Refs #33060 -- Added .make_key() in .touch() for dummy cache backend.Nick Pope
All cache operations should use make_key().
2021-08-31Refs #33061 -- Removed unnecessary BaseMemcachedCache.decr().Mariusz Felisiak
2021-08-31Fixed #33061 -- Fixed handling nonexistent keys with negative deltas in ↵Sondre Lillebø Gundersen
incr()/decr() in memcached backends. Thanks Chris Jerdonek for the review.
2021-05-26Fixed #32772 -- Made database cache count size once per set.Michael Lissner
2021-05-12Fixed #32366 -- Updated datetime module usage to recommended approach.Nick Pope
- Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-05Fixed #32705 -- Prevented database cache backend from checking .rowcount on ↵ecogels
closed cursor. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-12-17Fixed #29867 -- Added support for storing None value in caches.Nick Pope
Many of the cache operations make use of the default argument to the .get() operation to determine whether the key was found in the cache. The default value of the default argument is None, so this results in these operations assuming that None is not stored in the cache when it actually is. Adding a sentinel object solves this issue. Unfortunately the unmaintained python-memcached library does not support a default argument to .get(), so the previous behavior is preserved for the deprecated MemcachedCache backend.
2020-12-15Fixed typo in django/core/cache/backends/base.py docstring.Abhishek Ghaskata
2020-12-09Fixed #32193 -- Deprecated MemcachedCache.Mariusz Felisiak
2020-09-16Fixed #29887 -- Added a cache backend for pymemcache.Nick Pope
2020-09-02Refs #29887, Refs #24212 -- Added servers configuration hook for memcached ↵Nick Pope
backends. The servers property can be overridden to allow memcached backends to alter the server configuration prior to it being passed to instantiate the client. This allows avoidance of documentation for per-backend differences, e.g. stripping the 'unix:' prefix for pylibmc.
2020-09-01Refs #29887 -- Simplified memcached client instantiation.Nick Pope
2020-09-01Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level ↵Mariusz Felisiak
directories of the file system cache on Python 3.7+.
2020-08-24Fixed #31907 -- Fixed missing validate_key() calls in cache backends.Nick Pope
2020-08-20Refs #29887, #27480 -- Moved touch() to BaseMemcachedCache.Nick Pope
2020-08-20Fixed comments related to nonexistent keys for incr()/decr() in memcached ↵Nick Pope
backends.
2020-06-22Fixed #31728 -- Fixed cache culling when no key is found for deletion.Guillermo Bonvehí
DatabaseCache._cull implementation could fail if no key was found to perform a deletion in the table. This prevented the new cache key/value from being correctly added.
2020-06-05Fixed #31654 -- Fixed cache key validation messages.Mariusz Felisiak
2020-06-03Fixed CVE-2020-13254 -- Enforced cache key validation in memcached backends.Dan Palmer