| Age | Commit message | Author | |
|---|---|---|---|
| 2025-04-02 | Fixed CVE-2025-27556 -- Mitigated potential DoS in url_has_allowed_host_and_scheme() on Windows. | Sarah Boyce | |
| Thank you sw0rd1ight for the report. | |||
| 2025-01-08 | Fixed #36014 -- Supported international domains in EmailValidator. | Chaitanya Rahalkar | |
| 2024-12-13 | Fixed #36007 -- Removed dead code from URLValidator. | Mike Edmunds | |
| The "Trivial case failed. Try for possible IDN domain" handling was obsoleted by ticket-20003, which adjusted the regular expressions to allow all international domain names (Refs #20003). Uses of `ul` were moved to DomainNameValidator in ticket-18119 (Refs #18119). | |||
| 2024-10-17 | Fixed #35845 -- Updated DomainNameValidator to require entire string to be a valid domain name. | Justin Thurman | |
| Bug in 4971a9afe5642569f3dcfcd3972ebb39e88dd457. Thank you to kazet for the report and Claude Paroz for the review. | |||
| 2024-05-21 | Fixed #18119 -- Added a DomainNameValidator validator. | Berker Peksag | |
| Thanks Claude Paroz for the review. Co-authored-by: Nina Menezes <77671865+nmenezes0@users.noreply.github.com> | |||
| 2023-11-24 | Fixed #34818 -- Prevented GenericIPAddressField from mutating error messages. | Parth Verma | |
| Co-authored-by: Parth Verma <parth.verma@gmail.com> | |||
| 2023-10-28 | Fixed #34943 -- Made EmailValidator.__eq__() ignore domain_allowlist ordering. | ksg | |
| Signed-off-by: ksg97031 <ksg97031@gmail.com> | |||
| 2023-10-24 | Fixed #34920 -- Made FileExtensionValidator.__eq__() ignore allowed_extensions ordering. | ksg97031 | |
| 2023-07-03 | Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. | Mariusz Felisiak | |
| Thanks Seokchan Yoon for reports. | |||
| 2023-06-16 | Fixed #34473 -- Fixed step validation for form fields with non-zero minimum value. | Jacob Rief | |
| 2023-01-18 | Fixed #34233 -- Dropped support for Python 3.8 and 3.9. | Mariusz Felisiak | |
| 2022-09-17 | Fixed #34014 -- Fixed DecimalValidator validating 0 in positive exponent scientific notation. | Kamil Turek | |
| Thanks Shiplu Mokaddim for the report. | |||
| 2022-05-12 | Fixed #32559 -- Added 'step_size' to numeric form fields. | Kapil Bansal | |
| Co-authored-by: Jacob Rief <jacob.rief@uibk.ac.at> | |||
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-01-07 | Fixed #28628 -- Changed \d to [0-9] in regexes where appropriate. | Ad Timmering | |
| 2021-12-20 | Fixed #33367 -- Fixed URLValidator crash in some edge cases. | mendespedro | |
| 2021-09-20 | Refs #31670 -- Removed whitelist argument and domain_whitelist attribute in EmailValidator per deprecation timeline. | Mariusz Felisiak | |
| 2021-08-06 | Fixed typo in regex for IPv6 literals in EmailValidator. | qimingmafan | |
| 2021-07-22 | Fixed #32930 -- Fixed URLValidator when port numbers < 10. | Wu Haotian | |
| 2021-06-02 | Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses. | Mariusz Felisiak | |
| validate_ipv4_address() was affected only on Python < 3.9.5, see [1]. URLValidator() uses a regular expression and it was affected on all Python versions. [1] https://bugs.python.org/issue36384 | |||
| 2021-05-06 | Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. | Mariusz Felisiak | |
| In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 | |||
| 2021-01-04 | Fixed #32298 -- Fixed URLValidator hostname length validation. | Akshat1Nar | |
| URLValidator now validates the maximum length of a hostname without the userinfo and port. | |||
| 2020-07-27 | Fixed #31806 -- Made validators include the value in ValidationErrors. | Jon Dufresne | |
| 2020-07-27 | Removed redundant forms.DecimalField.validate() in favor of DecimalValidator. | Jon Dufresne | |
| 2020-06-18 | Refs #31670 -- Renamed whitelist argument and attribute of EmailValidator. | David Smith | |
| 2020-05-11 | Refs #30116 -- Simplified regex match group access with Match.__getitem__(). | Jon Dufresne | |
| The method has been available since Python 3.6. The shorter syntax is also marginally faster. | |||
| 2020-05-08 | Fixed #31548 -- Fixed URLValidator crash on non-strings. | Yash Saini | |
| 2020-04-20 | Capitalized Unicode in docs, strings, and comments. | Jon Dufresne | |
| 2020-02-28 | Fixed #31311 -- Removed unneeded escapes in validator regexes. | kimbo | |
| Special characters lose their special meaning inside sets of characters. "-" loses its special meaning if it's placed as the first or last character. | |||
| 2019-10-29 | Refs #30899 -- Moved _lazy_re_compile() to the django.utils.regex_helper. | Hasan Ramezani | |
| 2019-10-01 | Fixed #30651 -- Made __eq__() methods return NotImplemented for not implemented comparisons. | ElizabethU | |
| Changed __eq__ to return NotImplemented instead of False if compared to an object of the same type, as is recommended by the Python data model reference. Now these models can be compared to ANY (or other objects with __eq__ overwritten) without returning False automatically. | |||
| 2019-07-03 | Refs #30608 -- Added django.utils.encoding.punycode(). | Mariusz Felisiak | |
| 2019-06-28 | Fixed #30400 -- Improved typography of user facing strings. | Jon Dufresne | |
| Thanks Claude Paroz for assistance with translations. | |||
| 2018-10-22 | Fixed #29860 -- Allowed BaseValidator to accept a callable limit_value. | buzzi | |
| 2018-07-23 | Fixed #29528 -- Made URLValidator reject invalid characters in the username and password. | Tim Bell | |
| 2018-04-19 | Ref #23919 -- Replaced some os.path usage with pathlib.Path. | Tom | |
| 2018-01-30 | Fixed #29065 -- Made django.core.validators only load Pillow if needed. | Collin Anderson | |
| 2018-01-10 | Fixed #29007 -- Fixed DecimalValidator crash on NaN, SNan, Inf, and Infinity values. | Fabio Bonelli | |
| 2017-12-07 | Fixed #28906 -- Removed unnecessary bool() calls. | Tim Graham | |
| 2017-09-27 | Fixed #28562 -- Fixed DecimalValidator handling of positive exponent scientific notation. | Josh Schneier | |
| 2017-09-07 | Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()." | Tim Graham | |
| This reverts commit 550cb3a365dee4edfdd1563224d5304de2a57fda because try/except performs better. | |||
| 2017-08-12 | Fixed #28201 -- Added ProhibitNullCharactersValidator and used it on CharField form field. | Alejandro Zamora | |
| 2017-06-28 | Fixed #27818 -- Replaced try/except/pass with contextlib.suppress(). | Mads Jensen | |
| 2017-06-07 | Fixed #28165 -- Ignored case in FileExtensionValidator's allowed_extensions. | Arne de Laat | |
| 2017-05-27 | Fixed #28249 -- Removed unnecessary dict.keys() calls. | Jon Dufresne | |
| iter(dict) is equivalent to iter(dict.keys()). | |||
| 2017-05-25 | Made RegexValidator's inverse_match logic clearer. | Edward D'Souza | |
| 2017-04-27 | Refs #27795 -- Replaced many force_text() with str() | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-03-23 | Fixed #27952 -- Added translation hint for RegexValidator error message. | Paul | |
| 2017-03-21 | Fixed #27945 -- Clarified that RegexValidator searches with the regex. | seanfagan | |
