summaryrefslogtreecommitdiff
path: root/django/core/serializers
AgeCommit message (Collapse)Author
2026-04-19Added support for nested fields to XML deserializer.Tim Graham
Needed by Django MongoDB Backend's EmbeddedModelField.
2026-04-19Removed OrderedDict representer from PyYAML serializer.Tim Graham
Added in 5bc3123479bd97dc9d8a36fa9a3421a71063d1da (refs #24558), it was obsoleted when OrderedDict usage was removed in 24b82cd201e21060fbc02117dc16d1702877a1f3 (refs #30159).
2026-04-19Refs #36986 -- Replaced yaml's Serializer._value_from_field() time handling ↵Tim Graham
with a representer.
2026-04-19Replaced yaml serializer workaround to preserve dict order with PyYAML's ↵Tim Graham
sort_keys=False. The sort_keys parameter was added in PyYAML 5.1 (released March 2019). The workaround was added in 24b82cd201e21060fbc02117dc16d1702877a1f3 (refs #30159).
2026-04-06Fixed #37023 -- Made XML serializer put each ManyToManyField object on its ↵Tim Graham
own line.
2026-04-06Refs #37023 -- Removed hardcoded indent levels from XML serializer.Tim Graham
This facilitates nested fields and objects.
2026-02-26Fixed #36750 -- Made ordering of M2M objects deterministic in serializers.VIZZARD-X
Co-authored-by: Simon Charette <charette.s@gmail.com> Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2026-01-12Refs #36769 -- Raised SuspiciousOperation for unexpected nested tags in XML ↵Jacob Walls
Deserializer. Thanks Shai Berger and Natalia Bidart for reviews.
2026-01-12Refs #36769 -- Avoided visiting grandchild nodes in XML Deserializer.Jacob Walls
The only use case for visiting grandchild nodes turned out to be to support an unintentionally invalid fixture in the test suite. The invalid fixture added in #36969 was modeled on fixture9.xml in dae08cf55b83caef5e8ee39b16417692e8565278, so that is corrected as well in this commit, where the test will still pass.
2025-12-22Fixed #36786 -- Fixed XML serialization of None values in natural keys.Youngkwang Yang
None values in natural keys were incorrectly serialized as the string "None", causing deserialization to fail for fields like UUIDField.
2025-12-17Fixed #27380 -- Added "raw" argument to m2m_changed signals.Mariusz Felisiak
2025-12-11Fixed #36769 -- Avoided visiting deeply nested nodes in XML deserializer.Pravin Kamble
Only children at one level of depth need to be visited. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-12-03Fixed #35729 -- Enabled natural key serialization opt-out for subclasses.rimi0108
Refactored serialization logic to allow models inheriting a natural_key() method (e.g. AbstractBaseUser) to explicitly opt out of natural key serialization by returning an empty tuple from the method. Thanks Jonas Dittrich for the report. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-12-02Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation in XML ↵Shai Berger
serializer. Previously, `getInnerText()` recursively used `list.extend()` on strings, which added each character from child nodes as a separate list element. On deeply nested XML content, this caused the overall deserialization work to grow quadratically with input size, potentially allowing disproportionate CPU consumption for crafted XML. The fix separates collection of inner texts from joining them, so that each subtree is joined only once, reducing the complexity to linear in the size of the input. These changes also include a mitigation for a xml.dom.minidom performance issue. Thanks Seokchan Yoon (https://ch4n3.kr/) for report. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-07-23Removed double spaces after periods and within phrases.Sarah Boyce
2025-03-11Fixed #36177 -- Added a trailing newline to JSON serializer. (#19232)Tom Carrick
2025-01-08Fixed #36062 -- Handled serialization of CompositePrimaryKeys.Sarah Boyce
2024-12-18Fixed #35996 -- Fixed database serialization crash when serializing a ↵Erica Pisani
many-to-many field that had a prefetch.
2024-11-29Fixed #373 -- Added CompositePrimaryKey.Bendeguz Csirmaz
Thanks Lily Foote and Simon Charette for reviews and mentoring this Google Summer of Code 2024 project. Co-authored-by: Simon Charette <charette.s@gmail.com> Co-authored-by: Lily Foote <code@lilyf.org>
2024-11-12Refs #21286 -- Fixed YAML serialization of TimeField primary key.Adam Zapletal
Handling for PyYAML not being able to serialize `datetime.time` values is moved from `handle_field` to `_value_from_field` as only non-primary key, non-relation fields are passed into `handle_field`.
2024-09-17Fixed #29522 -- Refactored the Deserializer functions to classes.Amir Karimi
Co-authored-by: Emad Mokhtar <emad.mokhtar@veneficus.nl>
2024-02-20Fixed #35236 -- Used Field.attname/column attributes instead of ↵Adam Johnson
get_attname()/get_attname_column().
2024-01-26Applied Black's 2024 stable style.Mariusz Felisiak
https://github.com/psf/black/releases/tag/24.1.0
2023-08-19Fixed #34779 -- Avoided unnecessary selection of non-nullable m2m fields ↵Juan Alvarez
without natural keys during serialization. By using `select_related(None)` instead of `select_related()`, the unnecessary joins are completely avoided. Note that the current tests already covers the change, when the field is not `null=True`. Regression in f9936deed1ff13b20e18bd9ca2b0750b52706b6c.
2023-06-04Fixed #34620 -- Fixed serialization crash on m2m fields without natural keys ↵Mariusz Felisiak
when base querysets use select_related(). Regression in 19e0587ee596debf77540d6a08ccb6507e60b6a7. Thanks Martin Svoboda for the report.
2023-02-01Refs #33476 -- Applied Black's 2023 stable style.David Smith
Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0
2023-01-18Refs #34233 -- Used str.removeprefix()/removesuffix().Mariusz Felisiak
2023-01-17Refs #29708 -- Removed PickleSerializer per deprecation timeline.Mariusz Felisiak
2022-09-05Fixed #33937 -- Optimized serialization of related m2m fields without ↵Mark Evans
natural keys.
2022-03-18Fixed #33582 -- Fixed deserializing natural keys with foreing key ↵François Granade
dependencies in a multiple database setup.
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-01-13Fixed #29708 -- Deprecated PickleSerializer.Adam Johnson
2021-09-02Refs #33012 -- Moved PickleSerializer to django.core.serializers.base and ↵Daniyal Abbasi
added tests.
2021-02-05Fixed #32420 -- Fixed detecting primary key values in deserialization when ↵Mikolaj Rybinski
PK is also a FK.
2020-07-30Bumped minimum isort version to 5.1.0.David Smith
Fixed inner imports per isort 5. isort 5.0.0 to 5.1.0 was unstable.
2020-06-17Fixed #30583 -- Fixed handling JSONFields in XML serializer.Hasan Ramezani
Co-authored-by: Chason Chaffin <chason@gmail.com>
2020-06-17Refs #30190 -- Minor edits to JSONL serializer.Mariusz Felisiak
Follow up to e29637681be07606674cdccb47d1e53acb930f5b.
2020-06-16Fixed #30190 -- Added JSONL serializer.Ali Vakilzade
2020-05-25Fixed #29078 -- Made serializers respect prefetch_related() for m2m fields.Claude Paroz
2020-04-28Fixed #29249 -- Made JSON and YAML serializers use Unicode by default.Hasan Ramezani
2020-04-07Fixed #31051 -- Allowed dumpdata to handle circular references in natural keys.Matthijs Kooijman
Since #26291 forward references in natural keys are properly handled by loaddata, so sorting depenencies in dumpdata doesn't need to break on cycles. This patch allows circular references in natural keys by breaking sort_depenencies() on loops.
2020-01-29Used model's Options.label/label_lower where applicable.Mariusz Felisiak
2019-12-13Fixed #26743 -- Fixed UnboundLocalError crash when deserializing m2m fields ↵Baptiste Mispelon
and value isn't iterable.
2019-06-27Fixed #28725 -- Prevented serializing inherited ManyToManyFields in child model.Nadège Michel
2019-04-18Fixed typos in docs, comments, and exception messages.Ville Skyttä
2019-02-06Fixed #30159 -- Removed unneeded use of OrderedDict.Nick Pope
Dicts preserve order since Python 3.6.
2018-11-27Fixed #28385 -- Fixed deserializing natural keys when primary key has a ↵dmytryi.striletskyi
default value. Co-Authored-By: Hasan Ramezani <hasan.r67@gmail.com>
2018-09-26Refs #29784 -- Switched to https:// links where available.Jon Dufresne
2018-08-01Fixed typos in comments and docs.luz.paz