chango.git - django

Age	Commit message (Collapse)	Author
2026-04-14	Fixed #27150 -- Made base File objects truthy by default.	VIZZARD-X

2026-03-03	Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions on file ↵	Natalia
	system object creation. This fix introduces `safe_makedirs()` in the `os` utils as a safer alternative to `os.makedirs()` that avoids umask-related race conditions in multi-threaded environments. This is a workaround for https://github.com/python/cpython/issues/86533 and the solution is based on the fix being proposed for CPython. Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Zackery Spytz <zspytz@gmail.com> Refs CVE-2020-24583 and #31921. Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and Shai Berger for reviews.
2025-12-09	Fixed #36768 -- Optimized string concatenation in File.__iter__().	varunkasyap

2025-09-14	Fixed typo in django/core/files/storage/base.py docstring.	Siyabonga Dlikilili

2025-07-23	Refs #36500 -- Rewrapped long docstrings and block comments via a script.	django-bot
	Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-07-23	Removed double spaces after periods and within phrases.	Sarah Boyce

2025-04-07	Fixed #36298 -- Truncated the overwritten file content in file_move_safe().	Sarah Boyce
	Regression in 58cd4902a71a3695dd6c21dc957f59c333db364c. Thanks Baptiste Mispelon for the report.
2025-02-18	Refs #36005 -- Used datetime.UTC alias instead of datetime.timezone.utc.	Mariusz Felisiak
	datetime.UTC was added in Python 3.11.
2025-02-17	Fixed #36191 -- Truncated the overwritten file content in FileSystemStorage.	Gaël Utard

2025-01-15	Refs #35326 -- Removed FileSystemStorage.OS_OPEN_FLAGS per deprecation timeline.	Sarah Boyce

2024-08-28	Refs #35326 -- Adjusted deprecation warning stacklevel in ↵	Simon Charette
	FileSystemStorage.OS_OPEN_FLAGS.
2024-08-09	Fixed #35658 -- Initialized InMemoryFileNode instances with a name.	lucasesposito

2024-07-24	Fixed #35604, Refs #35326 -- Made FileSystemStorage.exists() behaviour ↵	Sarah Boyce
	independent from allow_overwrite. Partially reverts 0b33a3abc2ca7d68a24f6d0772bc2b9fa603744e. Storage.exists(name) was documented to "return False if the name is available for a new file." but return True if the file exists. This is ambiguous in the overwrite file case. It will now always return whether the file exists. Thank you to Natalia Bidart and Josh Schneier for the review.
2024-07-22	Fixed broken link in django.core.files.temp docstring.	Ellen

2024-07-09	Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save ↵	Natalia
	method. Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah Boyce for the reviews.
2024-05-21	Fixed #35326 -- Added allow_overwrite parameter to FileSystemStorage.	Ben Cail

2024-03-24	Fixed #35323 -- Prevented file_move_safe() from trying to overwrite existing ↵	Ben Cail
	file when allow_overwrite is False.
2024-03-21	Fixed #35320 -- Removed unnecessary django.core.files.move._samefile() hook.	Ben Cail
	os.path.samefile() uses the same implementation on Windows as all other platforms since Python 3.4.
2024-02-20	Fixed #23759 -- Preserved all file extensions in Storage.get_available_name().	Adam Zapletal

2024-01-26	Applied Black's 2024 stable style.	Mariusz Felisiak
	https://github.com/psf/black/releases/tag/24.1.0
2023-09-18	Refs #26029 -- Removed DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings.	Mariusz Felisiak
	This also removes django.core.files.storage.get_storage_class(). Per deprecation timeline.
2023-09-11	Fixed #34642 -- Added File.open() support for args and *kwargs.	Yves Weissig

2023-03-20	Fixed some typos in comments, docstrings, and tests.	Liyang Zhang

2023-01-26	Fixed #34294 -- Protected django.core.files.locks against argtypes ↵	Simon Sawicki
	redefinition on Windows.
2023-01-12	Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings.	Jarosław Wygoda

2023-01-12	Fixed #26029 -- Allowed configuring custom file storage backends.	Jarosław Wygoda

2023-01-10	Fixed #34110 -- Added in-memory file storage.	Francesco Panico
	Thanks Paolo Melchiorre, Carlton Gibson, and Mariusz Felisiak for reviews.
2022-11-11	Refs #34110 -- Added StorageSettingsMixin.	Francesco Panico

2022-11-11	Refs #34110 -- Reorganized django.core.files.storage into a separate module.	Francesco Panico

2022-10-24	Fixed #29027 -- Fixed file_move_safe() crash when moving files with SELinux.	Yuri Konotopov
	Thanks Florian Apolloner for the review.
2022-04-11	Fixed #32604 -- Made file upload respect group id when uploading to a ↵	Mateo Radman
	temporary file.
2022-03-24	Refs #32365 -- Removed internal uses of utils.timezone.utc alias.	Carlton Gibson
	Remaining test case ensures that uses of the alias are mapped canonically by the migration writer.
2022-02-07	Refs #33476 -- Refactored code to strictly match 88 characters line length.	Mariusz Felisiak

2022-02-07	Refs #33476 -- Reformatted code with Black.	django-bot

2022-01-04	Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.	Florian Apolloner
	Thanks to Dennis Brinkrolf for the report.
2021-12-02	Updated various links to HTTPS and new locations.	Mariusz Felisiak
	Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
2021-09-02	Fixed #33079 -- Fixed get_image_dimensions() on nonexistent images.	Stefanos I. Tsaklidis
	Thanks Nick Pope for the review.
2021-07-29	Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵	David Smith
	appropriate.
2021-06-07	Fixed #32821 -- Updated os.scandir() uses to use a context manager.	Chris Jerdonek

2021-06-02	Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a ↵	Jacob Walls
	broken symlink with the same name exists.
2021-05-13	Fixed #32718 -- Relaxed file name validation in FileField.	Mariusz Felisiak
	- Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
2021-05-12	Fixed #32366 -- Updated datetime module usage to recommended approach.	Nick Pope
	- Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-04	Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.	Florian Apolloner

2021-03-19	Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core.	Daniyal

2020-09-30	Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.	aryan
	This patch allows upload handlers to handle interrupted uploads. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-09-15	Fixed #31989 -- Fixed return value of ↵	Hasan Ramezani
	django.core.files.locks.lock()/unlock() on POSIX systems.
2020-09-01	Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level ↵	Mariusz Felisiak
	static and storage directories on Python 3.7+. Thanks WhiteSage for the report.
2020-07-30	Bumped minimum isort version to 5.1.0.	David Smith
	Fixed inner imports per isort 5. isort 5.0.0 to 5.1.0 was unstable.
2019-10-31	Refs #28428 -- Made FileSystemStorage.save() to support pathlib.Path.	Hasan Ramezani

2019-08-30	Fixed #30736 -- Added Storage.get_alternative_name() to allow customization.	yukihira1992