chango.git - django

Age	Commit message (Collapse)	Author
2025-07-18	Refs #35680 -- Sorted shell default autoimports to prevent isort mismatches.	nessita

2025-07-17	Fixed #36163 -- Deprecated most positional arguments in django.core.mail.	Mike Edmunds
	In public mail APIs, changed less frequently used parameters from keyword-or-positional to keyword-only, emitting a warning during the required deprecation period.
2025-07-17	Fixed #35680 -- Added automatic imports of common utilies to shell ↵	Salvo Polizzi
	management command.
2025-07-09	Refs #35844, #35945 -- Used asgiref.sync.iscoroutinefunction() instead of ↵	Mariusz Felisiak
	deprecated asyncio.iscoroutinefunction(). Follow up to bd3b1dfa2422e02ced3a894adb7544e42540c97d. Introduced in 2ae3044d9d4dfb8371055513e440e0384f211963. Fixes DeprecationWarning: 'asyncio.iscoroutinefunction' is deprecated and slated for removal in Python 3.16; use inspect.iscoroutinefunction() instead.
2025-06-27	Fixed #15727 -- Added Content Security Policy (CSP) support.	Rob Hudson
	This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-06-26	Fixed #36478 -- Fixed inconsistent mail attachment handling.	Mike Edmunds
	Fixed an inconsistency between EmailMessage.attach() and .attachments when attaching bytes content with a text/* mimetype. The attach() function decodes UTF-8 bytes if possible and otherwise changes the mimetype to application/octet-stream to preserve the content's unknown encoding (refs #27007). Providing equivalent content directly in EmailMessage.attachments did not apply the same logic, leading to an "AttributeError: 'bytes' object has no attribute 'encode'" in SafeMIMEText.set_payload(). Updated EmailMessage._create_mime_attachment() to match attach()'s handling for text/* mimetypes with bytes content. Updated test cases to accurately cover behavior on both paths.
2025-06-18	Fixed #36467 -- Removed leading whitespaces from Set-Cookie header values in ↵	Lukas Komischke
	WSGIHandler. This also aligned the Set-Cookie logic in the WSGIHandler and ASGIHandler. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2025-06-11	Removed default value for app_configs in system check functions.	Adam Johnson
	The documentation[0] encourages users to write functions without a default for `app_configs`, and checks are always passed the argument. [0] https://docs.djangoproject.com/en/5.2/topics/checks/
2025-06-06	Refs CVE-2025-48432 -- Made SuspiciousOperation logging use log_response() ↵	Natalia
	for consistency.
2025-05-04	Fixed #36281 -- Used async-safe write in ASGIHandler.read_body().	신우진
	Thanks Carlton Gibson for reviews.
2025-04-30	Fixed #36357 -- Skipped unique_together in inspectdb output for composite ↵	Baptiste Mispelon
	primary keys. Thanks to Baptiste Mispelon for the report and quick fix, and to Simon Charette and Jacob Walls for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-04-27	Fixed #18296 -- Created missing custom target directory for startproject and ↵	Bruno Alla
	startapp.
2025-04-24	Fixed #36309 -- Made email alternatives and attachments pickleable.	nessita
	Regression in aba0e541caaa086f183197eaaca0ac20a730bbe4 and in d5bebc1c26d4c0ec9eaa057aefc5b38649c0ba3b. Thanks Florent Messa for the report, and Jake Howard and Claude Paroz for the review.
2025-04-07	Fixed #36298 -- Truncated the overwritten file content in file_move_safe().	Sarah Boyce
	Regression in 58cd4902a71a3695dd6c21dc957f59c333db364c. Thanks Baptiste Mispelon for the report.
2025-04-02	Fixed CVE-2025-27556 -- Mitigated potential DoS in ↵	Sarah Boyce
	url_has_allowed_host_and_scheme() on Windows. Thank you sw0rd1ight for the report.
2025-03-31	Refs #28909 -- Simplified code using unpacking generalizations.	Aarni Koskela

2025-03-25	Fixed #35452 -- Deprecated orphans being more than or equal to page_size in ↵	wookkl
	pagination.
2025-03-21	Fixed #36266 -- Renamed HIDE_PRODUCTION_WARNING environment variable to ↵	Johanan Oppong Amoateng
	DJANGO_RUNSERVER_HIDE_WARNING.
2025-03-21	Fixed #36138 -- Changed ADMINS and MANAGERS settings to lists of strings.	Mike Edmunds
	Previously, the ADMINS and MANAGERS settings were lists of (name, address) tuples (where the name had been unused). Deprecated use of tuples. Updated settings value sanity checks, and changed from ValueError to ImproperlyConfigured.
2025-03-18	Refs #36138 -- Cleaned up duplicate code in mail_admins()/mail_managers().	Mike Edmunds

2025-03-17	Fixed #36252 -- Handled duplicate automatic imports in the shell command.	hesham942

2025-03-12	Fixed #35945 -- Added async interface to Paginator.	wookkl

2025-03-11	Fixed #36177 -- Added a trailing newline to JSON serializer. (#19232)	Tom Carrick

2025-03-10	Fixed #33579 -- Specialized exception raised on forced update failures.	Simon Charette
	Raising DatabaseError directly made it harder than it should to differentiate between IntegrityError when a forced update resulted in no affected rows. Introducing a specialized exception allows for callers to more easily silence, log, or turn them update failures into user facing exceptions (e.g. 404s). Thanks Mariusz for the review.
2025-03-07	Fixed #36224 -- Fixed shell imports when settings not configured.	Sarah Boyce
	Thank you Raffaella for the report. Thank you Tim Schilling and Natalia Bidart for the reviews.
2025-03-05	Clarified cryptic comment in django/core/cache/backends/redis.py.	Tim Graham

2025-03-01	Applied Black's 2025 stable style.	Mariusz Felisiak
	https://github.com/psf/black/releases/tag/25.1.0
2025-02-18	Refs #36005 -- Used datetime.UTC alias instead of datetime.timezone.utc.	Mariusz Felisiak
	datetime.UTC was added in Python 3.11.
2025-02-17	Fixed #36191 -- Truncated the overwritten file content in FileSystemStorage.	Gaël Utard

2025-02-16	Refs #35967 -- Deprecated BaseDatabaseCreation.create_test_db(serialize).	Simon Charette
	Given there are no longer any internal usages of serialize=True and it poses a risk to non-test databases integrity it seems appropriate to deprecate it.
2025-02-13	Fixed #36158 -- Refactored shell command to improve auto-imported objects ↵	Natalia
	reporting.
2025-02-10	Refs #35515 -- Fixed shell command verbose output when auto-importing 0 or 1 ↵	Natalia
	object. Co-authored-by: Salvo Polizzi <salvopolizzi03@gmail.com>
2025-02-10	Refs #35515 -- Refactored internal `get_and_report_namespace` in the shell ↵	Natalia
	command.
2025-01-31	Fixed #36119 -- Fixed UnicodeEncodeError when attaching a file with 8bit ↵	greg
	Content-Transfer-Encoding.
2025-01-23	Fixed #36010 -- Avoided touching mo files while checking writability.	Claude Paroz

2025-01-22	Fixed #24529 -- Allowed double squashing of migrations.	Georgi Yanchev
	Co-authored-by: Raphael Gaschignard <raphael@rtpg.co>
2025-01-18	Fixed broken link in django/core/handlers/asgi.py comment.	Anders Kaseorg

2025-01-15	Refs #35326 -- Removed FileSystemStorage.OS_OPEN_FLAGS per deprecation timeline.	Sarah Boyce

2025-01-13	Refs #35844 -- Removed unnecessary ArgumentParser.add_argument_group()'s ↵	Mariusz Felisiak
	prefix_chars argument. The `prefix_chars` argument is deprecated since https://github.com/python/cpython/commit/7b04496e5c7ed47e9653f4591674fc9ffef34587.
2025-01-09	Fixed #35515 -- Added automatic model imports to shell management command.	Salvo Polizzi
	Thanks to Bhuvnesh Sharma and Adam Johnson for mentoring this Google Summer of Code 2024 project. Thanks to Sarah Boyce, David Smith, Jacob Walls and Natalia Bidart for reviews.
2025-01-08	Fixed #36062 -- Handled serialization of CompositePrimaryKeys.	Sarah Boyce

2025-01-08	Fixed #36014 -- Supported international domains in EmailValidator.	Chaitanya Rahalkar

2025-01-04	Fixed #36056 -- Made OutputWrapper a virtual subclass of TextIOBase.	Adam Johnson
	This fixes the ignored exception in self._out.flush() from django.core.management.base.OutputWrapper: `ValueError: I/O operation on closed file.`
2025-01-03	Fixed #36052 -- Supported CompositePrimaryKey in inspectdb.	Jacob Walls

2024-12-18	Fixed #35996 -- Fixed database serialization crash when serializing a ↵	Erica Pisani
	many-to-many field that had a prefetch.
2024-12-13	Fixed #36007 -- Removed dead code from URLValidator.	Mike Edmunds
	The "Trivial case failed. Try for possible IDN domain" handling was obsoleted by ticket-20003, which adjusted the regular expressions to allow all international domain names (Refs #20003). Uses of `ul` were moved to DomainNameValidator in ticket-18119 (Refs #18119).
2024-12-11	Fixed #35920 -- Observed requires_system_checks in migrate and runserver.	Jacob Walls
	Before, the full suite of system checks was run by these commands regardless if requires_system_checks had been overridden. Co-authored-by: Simon Charette <charette.s@gmail.com>
2024-12-09	Fixed #35973 -- Improved makemessages locale validation to handle numeric ↵	Juan Pablo Mallarino
	region codes.
2024-12-09	Fixed #35935 -- Colorized system checks when running sqlmigrate.	Jacob Walls

2024-11-29	Fixed #35308 -- Handled OSError when launching code formatters.	Jacob Walls
	Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>