| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-08-04 | Fixed typos in migrations tests, comments, and error message. | Jacob Walls | |
| 2021-07-29 | Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵ | David Smith | |
| appropriate. | |||
| 2021-07-22 | Fixed #32930 -- Fixed URLValidator when port numbers < 10. | Wu Haotian | |
| 2021-07-13 | Refs #23359 -- Corrected showmigrations help text for the --database option. | Wilhelm Klopp | |
| 2021-07-01 | Fixed #32889 -- Allowed per-request sync_to_async context in ASGIHandler . | Allan Feldman | |
| By using a asgiref's ThreadSensitiveContext context manager, requests will be able to execute independently of other requests when sync work is involved. Prior to this commit, a single global thread was used to execute any sync work independent of the request from which that work was scheduled. This could result in contention for the global sync thread in the case of a slow sync function. Requests are now isolated to their own sync thread. | |||
| 2021-07-01 | Refs #32144 -- Made makemessages remove temporary files on preprocessing error. | Carlton Gibson | |
| Co-authored-by: Anders Hovmöller <anders.hovmoller@dryft.se> | |||
| 2021-07-01 | Fixed #32144 -- Made makemessages remove temporary files when locale path ↵ | Carlton Gibson | |
| doesn't exist. | |||
| 2021-06-23 | Fixed #32363 -- Ensured sys.__interactivehook__ is called in shell | Peter Inglesby | |
| By default, this means that readline is properly registered, so that .python_history is used. sys.__interactivehook__ may be set by a $PYTHONSTARTUP file. | |||
| 2021-06-21 | Fixed typo in makemessages error message. | Jacob Walls | |
| 2021-06-11 | Fixed #25250 -- Clarified partially recorded state of squashed migrations in ↵ | Jacob Walls | |
| showmigrations --list. | |||
| 2021-06-07 | Fixed #32821 -- Updated os.scandir() uses to use a context manager. | Chris Jerdonek | |
| 2021-06-02 | Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a ↵ | Jacob Walls | |
| broken symlink with the same name exists. | |||
| 2021-06-02 | Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses. | Mariusz Felisiak | |
| validate_ipv4_address() was affected only on Python < 3.9.5, see [1]. URLValidator() uses a regular expressions and it was affected on all Python versions. [1] https://bugs.python.org/issue36384 | |||
| 2021-05-26 | Fixed #32772 -- Made database cache count size once per set. | Michael Lissner | |
| 2021-05-19 | Fixed #32740 -- Caught possible exception when initializing colorama. | Carlton Gibson | |
| 2021-05-18 | Fixed #32747 -- Prevented initialization of unused caches. | Mariusz Felisiak | |
| Thanks Alexander Ebral for the report. Regression in 98e05ccde440cc9b768952cc10bc8285f4924e1f. | |||
| 2021-05-18 | Fixed #32317 -- Refactored loaddata command to make it extensible. | William Schwartz | |
| Moved deeply nested blocks out of inner loops to improve readability and maintainability. Thanks to Mariusz Felisiak, Shreyas Ravi, and Paolo Melchiorre for feedback. | |||
| 2021-05-14 | Refs #32317 -- Simplified find_fixtures() in loaddata command. | William Schwartz | |
| This always replaces 'fixture_name' with its base name, which preserves the previous behavior, because os.path.basename() was not called only on relative paths without os.path.sep i.e. when base name was equal to the file name. This also changes os.path.dirname() and os.path.basename() calls to the equivalent os.path.split() call. | |||
| 2021-05-14 | Refs #32317 -- Cleaned up try/except blocks in loaddata command. | William Schwartz | |
| This moves code unable to trigger relevant exceptions outside of try/except blocks, and changes 'objects' to 'objects_in_fixture' which is equal to the length of 'objects'. | |||
| 2021-05-14 | Fixed #32734 -- Fixed validation of startapp's directory with trailing slash. | Rohith PR | |
| Regression in fc9566d42daf28cdaa25a5db1b5ade253ceb064f. | |||
| 2021-05-13 | Fixed #32718 -- Relaxed file name validation in FileField. | Mariusz Felisiak | |
| - Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3. | |||
| 2021-05-12 | Fixed #32366 -- Updated datetime module usage to recommended approach. | Nick Pope | |
| - Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp(). | |||
| 2021-05-07 | Fixed #32712 -- Deprecated django.utils.baseconv module. | Hasan Ramezani | |
| 2021-05-06 | Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being ↵ | Mariusz Felisiak | |
| accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 | |||
| 2021-05-05 | Fixed #32705 -- Prevented database cache backend from checking .rowcount on ↵ | ecogels | |
| closed cursor. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-05-04 | Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. | Florian Apolloner | |
| 2021-04-30 | Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. | Tim Graham | |
| 2021-04-21 | Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a ↵ | Mariusz Felisiak | |
| list of 2-tuples. Thanks Jared Lockhart for the report. Regression in c36075ac1dddfa986340b1a5e15fe48833322372. | |||
| 2021-04-12 | Fixed #32416 -- Made ThreadedWSGIServer close connections after each thread. | Chris Jerdonek | |
| ThreadedWSGIServer is used by LiveServerTestCase. | |||
| 2021-03-30 | Fixed #31840 -- Added support for Cross-Origin Opener Policy header. | bankc | |
| Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com> | |||
| 2021-03-19 | Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core. | Daniyal | |
| 2021-03-18 | Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme. | Tim Graham | |
| 2021-02-10 | Fixed #32355 -- Dropped support for Python 3.6 and 3.7 | Mariusz Felisiak | |
| 2021-02-09 | Fixed #32145 -- Improved makemessages error message when app's locale ↵ | Josh Santos | |
| directory doesn't exist. | |||
| 2021-02-05 | Fixed #32420 -- Fixed detecting primary key values in deserialization when ↵ | Mikolaj Rybinski | |
| PK is also a FK. | |||
| 2021-02-04 | Fixed #32350 -- Fixed showmigrations crash for applied squashed migrations. | Daniel Ebrahimian | |
| Thanks Simon Charette for reviews. | |||
| 2021-02-04 | Fixed #32395 -- Allowed capturing stdout of migration signals. | Simon Charette | |
| 2021-01-22 | Fixed #32360 -- Added system check for FILE_UPLOAD_TEMP_DIR setting. | Timothy McCurrach | |
| 2021-01-19 | Removed unreachable SystemExit check. | Adam Johnson | |
| This check dates back to Python <2.5, before Python introduced BaseException to prevent exactly unwarranted catching of SystemExit (and others). response_for_exception() is only called under `except Exception` or `except Http404` so it's now impossible for a SystemExit instance to reach the branch. | |||
| 2021-01-18 | Fixed #32296 -- Added --skip-checks option to runserver command. | Hasan Ramezani | |
| 2021-01-16 | Fixed #32265, Refs #32355 -- Removed unnecessary ServerHandler.handle_error(). | Mariusz Felisiak | |
| ConnectionAbortedError, BrokenPipeError, ConnectionResetError raised from SocketServer.BaseServer.finish_request() are already suppressed by wsgiref.handlers.BaseHandler.run() in Python 3.7+, see https://github.com/python/cpython/commit/47ffc1a9f6fab1c17cdcc325d4af066317369ed7 | |||
| 2021-01-14 | Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2021-01-14 | Refs #27468 -- Removed support for the pre-Django 3.1 signatures in Signer ↵ | Mariusz Felisiak | |
| and signing.dumps()/loads(). Per deprecation timeline. | |||
| 2021-01-14 | Refs #30165 -- Removed ugettext(), ugettext_lazy(), ugettext_noop(), ↵ | Mariusz Felisiak | |
| ungettext(), and ungettext_lazy() per deprecation timeline. | |||
| 2021-01-12 | Fixed #32291 -- Added fixtures compression support to dumpdata. | Paolo Melchiorre | |
| 2021-01-12 | Refs #32311 -- Fixed CSRF_FAILURE_VIEW system check errors code. | Hasan Ramezani | |
| 2021-01-12 | Fixed #32311 -- Added system check for CSRF_FAILURE_VIEW setting. | Hasan Ramezani | |
| 2021-01-06 | Refs #32191 -- Added Signer.sign_object()/unsign_object(). | Florian Apolloner | |
| Co-authored-by: Craig Smith <hello@craigiansmith.com.au> | |||
| 2021-01-04 | Fixed #32298 -- Fixed URLValidator hostname length validation. | Akshat1Nar | |
| URLValidator now validates the maximum length of a hostname without the userinfo and port. | |||
| 2020-12-29 | Fixed #32299 -- Prevented mutating handlers when processing middlewares ↵ | Mariusz Felisiak | |
| marking as unused in an async context. Thanks Hubert Bielenia for the report. | |||
