summaryrefslogtreecommitdiff
path: root/django/core
AgeCommit message (Collapse)Author
2025-04-02[5.2.x] Fixed CVE-2025-27556 -- Mitigated potential DoS in ↵Sarah Boyce
url_has_allowed_host_and_scheme() on Windows. Thank you sw0rd1ight for the report. Backport of 39e2297210d9d2938c75fc911d45f0e863dc4821 from main.
2025-03-21[5.2.x] Fixed #36266 -- Renamed HIDE_PRODUCTION_WARNING environment variable ↵Johanan Oppong Amoateng
to DJANGO_RUNSERVER_HIDE_WARNING. Backport of 5adadf6e8c74ab14d432e9d682ca1914789386de from main.
2025-03-17[5.2.x] Fixed #36252 -- Handled duplicate automatic imports in the shell ↵hesham942
command. Backport of e804a07d76fc85468f27f7130ae1442fabcd650d from main.
2025-03-07[5.2.x] Fixed #36224 -- Fixed shell imports when settings not configured.Sarah Boyce
Thank you Raffaella for the report. Thank you Tim Schilling and Natalia Bidart for the reviews. Backport of de1117ea8eabe0ee0aa048e5a4e249eab7c4245e from main.
2025-03-05[5.2.x] Clarified cryptic comment in django/core/cache/backends/redis.py.Tim Graham
Backport of 9a729fb61add16d89a4b42b491aec2d22f1ae69a from main.
2025-03-01[5.2.x] Applied Black's 2025 stable style.Mariusz Felisiak
https://github.com/psf/black/releases/tag/25.1.0 Backport of ff3aaf036f0cb66cd8f404cd51c603e68aaa7676 from main
2025-02-17[5.2.x] Fixed #36191 -- Truncated the overwritten file content in ↵Gaël Utard
FileSystemStorage. Backport of 0d1dd6bba0c18b7feb6caa5cbd8df80fbac54afd from main.
2025-02-13[5.2.x] Fixed #36158 -- Refactored shell command to improve auto-imported ↵Natalia
objects reporting. Backport of 56e23b2319cc29e6f8518f8f21f95a530dddb930 from main.
2025-02-10[5.2.x] Refs #35515 -- Fixed shell command verbose output when ↵Natalia
auto-importing 0 or 1 object. Co-authored-by: Salvo Polizzi <salvopolizzi03@gmail.com> Backport of 0597e8ad1e55b565292ead732916aa0e39bdf37b from main.
2025-02-10[5.2.x] Refs #35515 -- Refactored internal `get_and_report_namespace` in the ↵Natalia
shell command. Backport of 44ccd20375ba0d4da869ef994bc10a2311e9dc88 from main.
2025-01-31[5.2.x] Fixed #36119 -- Fixed UnicodeEncodeError when attaching a file with ↵greg
8bit Content-Transfer-Encoding. Backport of 89e28e13ecbf9fbcf235e16d453c08bbf2271244 from main.
2025-01-23[5.2.x] Fixed #36010 -- Avoided touching mo files while checking writability.Claude Paroz
Backport of 2c47207b3c8412d16e61e388f176b47b41b40794 from main.
2025-01-13Refs #35844 -- Removed unnecessary ArgumentParser.add_argument_group()'s ↵Mariusz Felisiak
prefix_chars argument. The `prefix_chars` argument is deprecated since https://github.com/python/cpython/commit/7b04496e5c7ed47e9653f4591674fc9ffef34587.
2025-01-09Fixed #35515 -- Added automatic model imports to shell management command.Salvo Polizzi
Thanks to Bhuvnesh Sharma and Adam Johnson for mentoring this Google Summer of Code 2024 project. Thanks to Sarah Boyce, David Smith, Jacob Walls and Natalia Bidart for reviews.
2025-01-08Fixed #36062 -- Handled serialization of CompositePrimaryKeys.Sarah Boyce
2025-01-08Fixed #36014 -- Supported international domains in EmailValidator.Chaitanya Rahalkar
2025-01-04Fixed #36056 -- Made OutputWrapper a virtual subclass of TextIOBase.Adam Johnson
This fixes the ignored exception in self._out.flush() from django.core.management.base.OutputWrapper: `ValueError: I/O operation on closed file.`
2025-01-03Fixed #36052 -- Supported CompositePrimaryKey in inspectdb.Jacob Walls
2024-12-18Fixed #35996 -- Fixed database serialization crash when serializing a ↵Erica Pisani
many-to-many field that had a prefetch.
2024-12-13Fixed #36007 -- Removed dead code from URLValidator.Mike Edmunds
The "Trivial case failed. Try for possible IDN domain" handling was obsoleted by ticket-20003, which adjusted the regular expressions to allow all international domain names (Refs #20003). Uses of `ul` were moved to DomainNameValidator in ticket-18119 (Refs #18119).
2024-12-11Fixed #35920 -- Observed requires_system_checks in migrate and runserver.Jacob Walls
Before, the full suite of system checks was run by these commands regardless if requires_system_checks had been overridden. Co-authored-by: Simon Charette <charette.s@gmail.com>
2024-12-09Fixed #35973 -- Improved makemessages locale validation to handle numeric ↵Juan Pablo Mallarino
region codes.
2024-12-09Fixed #35935 -- Colorized system checks when running sqlmigrate.Jacob Walls
2024-11-29Fixed #35308 -- Handled OSError when launching code formatters.Jacob Walls
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-11-29Fixed #373 -- Added CompositePrimaryKey.Bendeguz Csirmaz
Thanks Lily Foote and Simon Charette for reviews and mentoring this Google Summer of Code 2024 project. Co-authored-by: Simon Charette <charette.s@gmail.com> Co-authored-by: Lily Foote <code@lilyf.org>
2024-11-12Refs #21286 -- Fixed YAML serialization of TimeField primary key.Adam Zapletal
Handling for PyYAML not being able to serialize `datetime.time` values is moved from `handle_field` to `_value_from_field` as only non-primary key, non-relation fields are passed into `handle_field`.
2024-10-28Refs #34900 -- Removed usage of deprecated glob.glob1().earthyoung
2024-10-17Fixed #35845 -- Updated DomainNameValidator to require entire string to be a ↵Justin Thurman
valid domain name. Bug in 4971a9afe5642569f3dcfcd3972ebb39e88dd457. Thank you to kazet for the report and Claude Paroz for the review.
2024-10-15Fixed #35656 -- Added an autodetector attribute to the makemigrations and ↵leondaz
migrate commands.
2024-10-10Fixed docstring for django.core.exceptions module.Baptiste Mispelon
2024-09-17Fixed #29522 -- Refactored the Deserializer functions to classes.Amir Karimi
Co-authored-by: Emad Mokhtar <emad.mokhtar@veneficus.nl>
2024-08-30Dropped safeguards against very old versions of gettext.Claude Paroz
gettext 0.19 was released in 2014.
2024-08-28Refs #35326 -- Adjusted deprecation warning stacklevel in ↵Simon Charette
FileSystemStorage.OS_OPEN_FLAGS.
2024-08-23Fixed #35689 -- Handled custom labels in LabelCommand.missing_args_message.Giovanni Fabbretti
2024-08-12Refs #35591 -- Removed hardcoded "stable" version in runserver warning.Mariusz Felisiak
2024-08-09Fixed #35658 -- Initialized InMemoryFileNode instances with a name.lucasesposito
2024-08-09Fixed #35591 -- Added unsuitable for production console warning to runserver.Andrew Miller
2024-08-05Refs #35537 -- Improved documentation and test coverage for email ↵Jake Howard
attachments and alternatives.
2024-07-24Fixed #35604, Refs #35326 -- Made FileSystemStorage.exists() behaviour ↵Sarah Boyce
independent from allow_overwrite. Partially reverts 0b33a3abc2ca7d68a24f6d0772bc2b9fa603744e. Storage.exists(name) was documented to "return False if the name is available for a new file." but return True if the file exists. This is ambiguous in the overwrite file case. It will now always return whether the file exists. Thank you to Natalia Bidart and Josh Schneier for the review.
2024-07-22Fixed broken link in django.core.files.temp docstring.Ellen
2024-07-11Fixed #35033, Refs #28912 -- Fixed repeated headers in EmailMessage.Mike Edmunds
Fixed a regression which would cause multiple To, Cc, and Reply-To headers in the result of EmailMessage.message() if values were supplied for both to/cc/reply_to and the corresponding extra_headers fields. Updated related tests to check the generated message() has exactly one of each expected header using get_all(). Regression in b03d5002955256c4b3ed7cfae5150eb79c0eb97e.
2024-07-09Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save ↵Natalia
method. Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah Boyce for the reviews.
2024-06-21Fixed #35528 -- Added EmailMultiAlternatives.body_contains() helper method.Ronny Vedrilla
2024-06-20Fixed #35537 -- Changed EmailMessage.attachments and ↵Jake Howard
EmailMultiAlternatives.alternatives to use namedtuples. This makes it more descriptive to pull out the named fields.
2024-05-23Updated the --traceback option help text.Peter Bittner
2024-05-21Fixed #18119 -- Added a DomainNameValidator validator.Berker Peksag
Thanks Claude Paroz for the review. Co-authored-by: Nina Menezes <77671865+nmenezes0@users.noreply.github.com>
2024-05-21Fixed #35326 -- Added allow_overwrite parameter to FileSystemStorage.Ben Cail
2024-05-10Fixed #35429 -- Added argparse choices to --database options.SaJH
2024-04-26Made confirmation prompt in squashmigrations consistent with other prompts.Cole D
Prior to this change, squashmigrations would use a [yN] prompt to ask for user confirmation. A slash was added between the yes/no options to make it consistent with other commands that print similar prompts.
2024-04-05Fixed #35354 -- Simplified ASGIRequest path handling.Carlton Gibson
Following the ASGI HTTP Connection Scope docs[0], the provided `path` is already the correct value that Django requires. In combination with `root_path`, from which `script_name` is derived, the `path_info` variable is set. It's then redundant to re-calculate `path` from `script_name` and `path_info`. See also, a clarifying discussion on the ASGIref repo[1]. [0]: https://asgi.readthedocs.io/en/latest/specs/www.html#http-connection-scope [1]: https://github.com/django/asgiref/issues/424