| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2026-03-03 | Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions on file ↵ | Natalia | |
| system object creation. This fix introduces `safe_makedirs()` in the `os` utils as a safer alternative to `os.makedirs()` that avoids umask-related race conditions in multi-threaded environments. This is a workaround for https://github.com/python/cpython/issues/86533 and the solution is based on the fix being proposed for CPython. Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Zackery Spytz <zspytz@gmail.com> Refs CVE-2020-24583 and #31921. Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and Shai Berger for reviews. | |||
| 2026-02-03 | Fixed #36879 -- Identified Django client in Redis client metadata. | ar3ph | |
| 2025-12-19 | Fixed #36590 -- Made async cache methods use specialized sync versions if ↵ | eevelweezel | |
| available. Thanks Simon Charette, Sarah Boyce, and Jacob Walls for reviews. | |||
| 2025-07-23 | Refs #36500 -- Rewrapped long docstrings and block comments via a script. | django-bot | |
| Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. | |||
| 2025-07-23 | Refs #36500 -- Shortened some long docstrings and comments. | Mike Edmunds | |
| Manually reformatted some long docstrings and comments that would be damaged by the to-be-applied autofixer script, in cases where editorial judgment seemed necessary for style or wording changes. | |||
| 2025-07-23 | Removed double spaces after periods and within phrases. | Sarah Boyce | |
| 2025-03-05 | Clarified cryptic comment in django/core/cache/backends/redis.py. | Tim Graham | |
| 2025-03-01 | Applied Black's 2025 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/25.1.0 | |||
| 2025-02-18 | Refs #36005 -- Used datetime.UTC alias instead of datetime.timezone.utc. | Mariusz Felisiak | |
| datetime.UTC was added in Python 3.11. | |||
| 2024-10-28 | Refs #34900 -- Removed usage of deprecated glob.glob1(). | earthyoung | |
| 2023-06-28 | Fixed #34681 -- Optimized memcache_key_warnings(). | Adam Johnson | |
| 2023-02-01 | Refs #33476 -- Applied Black's 2023 stable style. | David Smith | |
| Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 | |||
| 2023-01-18 | Refs #34233 -- Used str.removeprefix()/removesuffix(). | Mariusz Felisiak | |
| 2023-01-18 | Fixed #34233 -- Dropped support for Python 3.8 and 3.9. | Mariusz Felisiak | |
| 2022-12-16 | Fixed #34212 -- Made RedisCacheClient.incr() use write connection. | Leo | |
| Co-authored-by: Sin-Woo Bang <sinwoobang@gmail.com> | |||
| 2022-12-13 | Fixed #34209 -- Prevented FileBasedCache.has_key() crash caused by a race ↵ | Marti Raudsepp | |
| condition. | |||
| 2022-07-06 | Fixed #33826 -- Fixed RedisCache.set_many()/delete_many() crash with an ↵ | Christos Kopanos | |
| empty list. | |||
| 2022-07-06 | Used list comprehensions in RedisCache.delete_many(). | Christos Kopanos | |
| 2022-05-16 | Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a connection pool. | Mariusz Felisiak | |
| Thanks Ben Picolo for the report. | |||
| 2022-03-24 | Refs #32365 -- Removed internal uses of utils.timezone.utc alias. | Carlton Gibson | |
| Remaining test case ensures that uses of the alias are mapped canonically by the migration writer. | |||
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-01-13 | Refs #29708 -- Stopped inheriting from PickleSerializer by RedisSerializer. | Adam Johnson | |
| 2021-12-14 | Fixed #33361 -- Fixed Redis cache backend crash on booleans. | Jeremy Lainé | |
| 2021-12-09 | Fixed #33340 -- Fixed unquoted column names in queries used by DatabaseCache. | Arsa | |
| 2021-10-12 | Fixed #28401 -- Allowed hashlib.md5() calls to work with FIPS kernels. | Ade Lee | |
| md5 is not an approved algorithm in FIPS mode, and trying to instantiate a hashlib.md5() will fail when the system is running in FIPS mode. md5 is allowed when in a non-security context. There is a plan to add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether or not the instance is being used in a security context. In the case where it is not, the instantiation of md5 will be allowed. See https://bugs.python.org/issue9216 for more details. Some downstream python versions already support this parameter. To support these versions, a new encapsulation of md5() has been added. This encapsulation will pass through the usedforsecurity parameter in the case where the parameter is supported, and strip it if it is not. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-09-20 | Refs #32193 -- Removed MemcachedCache per deprecation timeline. | Mariusz Felisiak | |
| 2021-09-14 | Fixed #33012 -- Added Redis cache backend. | Daniyal | |
| Thanks Carlton Gibson, Chris Jerdonek, David Smith, Keryn Knight, Mariusz Felisiak, and Nick Pope for reviews and mentoring this Google Summer of Code 2021 project. | |||
| 2021-09-07 | Fixed #32076 -- Added async methods to BaseCache. | Andrew-Chen-Wang | |
| This also makes DummyCache async-compatible. | |||
| 2021-09-07 | Fixed #33060 -- Added BaseCache.make_and_validate_key() hook. | Nick Pope | |
| This helper function reduces the amount of duplicated code and makes it easier to ensure that we always validate the keys. | |||
| 2021-09-07 | Refs #33060 -- Ensured cache backends validate keys. | Nick Pope | |
| The validate_key() function should be called after make_key() to ensure that the validation is performed on the key that will actually be stored in the cache. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-09-03 | Refs #33060 -- Added .make_key() in .touch() for dummy cache backend. | Nick Pope | |
| All cache operations should use make_key(). | |||
| 2021-08-31 | Refs #33061 -- Removed unnecessary BaseMemcachedCache.decr(). | Mariusz Felisiak | |
| 2021-08-31 | Fixed #33061 -- Fixed handling nonexistent keys with negative deltas in ↵ | Sondre Lillebø Gundersen | |
| incr()/decr() in memcached backends. Thanks Chris Jerdonek for the review. | |||
| 2021-05-26 | Fixed #32772 -- Made database cache count size once per set. | Michael Lissner | |
| 2021-05-12 | Fixed #32366 -- Updated datetime module usage to recommended approach. | Nick Pope | |
| - Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp(). | |||
| 2021-05-05 | Fixed #32705 -- Prevented database cache backend from checking .rowcount on ↵ | ecogels | |
| closed cursor. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2020-12-17 | Fixed #29867 -- Added support for storing None value in caches. | Nick Pope | |
| Many of the cache operations make use of the default argument to the .get() operation to determine whether the key was found in the cache. The default value of the default argument is None, so this results in these operations assuming that None is not stored in the cache when it actually is. Adding a sentinel object solves this issue. Unfortunately the unmaintained python-memcached library does not support a default argument to .get(), so the previous behavior is preserved for the deprecated MemcachedCache backend. | |||
| 2020-12-15 | Fixed typo in django/core/cache/backends/base.py docstring. | Abhishek Ghaskata | |
| 2020-12-09 | Fixed #32193 -- Deprecated MemcachedCache. | Mariusz Felisiak | |
| 2020-09-16 | Fixed #29887 -- Added a cache backend for pymemcache. | Nick Pope | |
| 2020-09-02 | Refs #29887, Refs #24212 -- Added servers configuration hook for memcached ↵ | Nick Pope | |
| backends. The servers property can be overridden to allow memcached backends to alter the server configuration prior to it being passed to instantiate the client. This allows avoidance of documentation for per-backend differences, e.g. stripping the 'unix:' prefix for pylibmc. | |||
| 2020-09-01 | Refs #29887 -- Simplified memcached client instantiation. | Nick Pope | |
| 2020-09-01 | Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level ↵ | Mariusz Felisiak | |
| directories of the file system cache on Python 3.7+. | |||
| 2020-08-24 | Fixed #31907 -- Fixed missing validate_key() calls in cache backends. | Nick Pope | |
| 2020-08-20 | Refs #29887, #27480 -- Moved touch() to BaseMemcachedCache. | Nick Pope | |
| 2020-08-20 | Fixed comments related to nonexistent keys for incr()/decr() in memcached ↵ | Nick Pope | |
| backends. | |||
| 2020-06-22 | Fixed #31728 -- Fixed cache culling when no key is found for deletion. | Guillermo Bonvehí | |
| DatabaseCache._cull implementation could fail if no key was found to perform a deletion in the table. This prevented the new cache key/value from being correctly added. | |||
| 2020-06-05 | Fixed #31654 -- Fixed cache key validation messages. | Mariusz Felisiak | |
| 2020-06-03 | Fixed CVE-2020-13254 -- Enforced cache key validation in memcached backends. | Dan Palmer | |
