chango.git - django

Age	Commit message (Collapse)	Author
2026-06-08	Refs CVE-2026-48587 -- Added helper to properly split header values.	Natalia
	Extracted the repeated `split(",")` + per-token `.strip()` pattern into a `split_header_value()` generator in django/utils/http.py. The previous `cc_delim_re` regex only stripped whitespace adjacent to the comma delimiter, leaving leading or trailing whitespace on the first and last tokens. Now, `split_header_value()` strips every token fully, matching RFC 9110's optional-whitespace rules. Thanks to Shai Berger, Jacob Walls, and Sarah Boyce for reviews.
2026-06-03	Fixed CVE-2026-48587 -- Ignored whitespace padding when checking Vary header ↵	Jake Howard
	values. Thanks to Navid Rezazadeh for the report and Jacob Walls for review.
2025-07-23	Refs #36500 -- Rewrapped long docstrings and block comments via a script.	django-bot
	Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2024-01-26	Applied Black's 2024 stable style.	Mariusz Felisiak
	https://github.com/psf/black/releases/tag/24.1.0
2023-02-01	Refs #33476 -- Applied Black's 2023 stable style.	David Smith
	Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0
2023-01-18	Fixed #34233 -- Dropped support for Python 3.8 and 3.9.	Mariusz Felisiak

2022-11-10	Updated documentation and comments for RFC updates.	Nick Pope
	- Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents
2022-02-07	Refs #33476 -- Reformatted code with Black.	django-bot

2021-10-12	Fixed #28401 -- Allowed hashlib.md5() calls to work with FIPS kernels.	Ade Lee
	md5 is not an approved algorithm in FIPS mode, and trying to instantiate a hashlib.md5() will fail when the system is running in FIPS mode. md5 is allowed when in a non-security context. There is a plan to add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether or not the instance is being used in a security context. In the case where it is not, the instantiation of md5 will be allowed. See https://bugs.python.org/issue9216 for more details. Some downstream python versions already support this parameter. To support these versions, a new encapsulation of md5() has been added. This encapsulation will pass through the usedforsecurity parameter in the case where the parameter is supported, and strip it if it is not. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-10-28	Made small readability improvements.	Martin Thoma

2020-10-06	Removed unneeded calls to iri_to_uri() in cache key generation.	Florian Apolloner
	request.build_absolute_uri() already applies iri_to_uri()
2020-09-14	Fixed #31789 -- Added a new headers interface to HttpResponse.	Tom Carrick

2020-06-22	Refs #5691 -- Made cache keys independent of USE_L10N.	Claude Paroz
	This mostly reverts af1893c4ff8fdbf227a43a559d90bb1c1238b01a.
2019-10-29	Fixed #30899 -- Lazily compiled import time regular expressions.	Hasan Ramezani

2019-10-10	Fixed #23755 -- Added support for multiple field names in the no-cache ↵	Flavio Curella
	Cache-Control directive to patch_cache_control(). https://tools.ietf.org/html/rfc7234#section-5.2.2.2
2019-10-10	Fixed #30812 -- Made ConditionalGetMiddleware set ETag only for responses ↵	Viktor Lomakin
	with non-empty content.
2019-08-16	Fixed #30701 -- Updated patch_vary_headers() to handle an asterisk according ↵	Adnan Umer
	to RFC 7231.
2019-06-26	Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() ↵	nsasaki128
	decorator.
2018-08-28	Refs #27795 -- Removed force_bytes() usage in django/utils/cache.py.	Jon Dufresne

2018-05-04	Fixed #26688 -- Fixed HTTP request logging inconsistencies.	Samir Shah
	* Added logging of 500 responses for instantiated responses. * Added logging of all 4xx and 5xx responses.
2018-03-03	Refs #17476 -- Removed obsolete simplification of timezone names in cache ↵	Sergey Fedoseev
	key generation.
2018-01-12	Fixed #28996 -- Simplified some boolean constructs and removed trivial ↵	Дилян Палаузов
	continue statements.
2018-01-03	Fixed #28982 -- Simplified code with and/or.	Дилян Палаузов

2017-12-04	Simplified django.utils.cache.get_max_age().	Jozef

2017-09-22	Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.	Tim Graham

2017-09-13	Removed unnecessary parens in various code.	Mariusz Felisiak

2017-06-01	Refs #23968 -- Removed unnecessary lists, generators, and tuple calls.	Jon Dufresne

2017-02-11	Refs #27656 -- Updated django.utils docstring verbs according to PEP 257.	Anton Samarchyan

2017-01-18	Refs #23919 -- Removed encoding preambles and future imports	Claude Paroz

2016-10-12	Fixed #19705 -- Set proper headers on conditional Not Modified responses.	Kevin Christopher Henry

2016-10-10	Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ↵	Denis Cornehl
	ConditionalGetMiddleware.
2016-09-28	Fixed #27226 -- Removed patch_response_headers()'s setting of the ↵	Rinat Khabibiev
	Last-Modified header.
2016-09-16	Refs #27083 -- Updated conditional header comparison to match RFC 7232.	Kevin Christopher Henry

2016-05-03	Fixed #26567 -- Updated references to obsolete RFC2616.	Vasiliy Faronov
	Didn't touch comments where it wasn't obvious that the code adhered to the newer standard.
2016-04-08	Fixed E128 flake8 warnings in django/.	Tim Graham

2015-11-09	Fixed #6727 -- Made patch_cache_control() patch an empty Cache-Control header.	Dwight Gunning

2015-08-15	Fixed #24935 -- Refactored common conditional GET handling.	Denis Cornehl

2015-05-13	Removed unnecessary arguments in .get method calls	Piotr Jakimiak

2015-04-28	Fixed #13008 -- Added more Cache-Control headers to never_cache() decorator.	Markus Bertheau

2015-02-06	Sorted imports with isort; refs #23860.	Tim Graham

2013-12-28	Fixed #20346 -- Made cache middleware vary on the full URL.	ijl
	Previously, only the URL path was included in the cache key. Thanks jamey for the suggestion.
2013-11-23	Fixed #21012 -- New API to access cache backends.	Curtis Maloney
	Thanks Curtis Malony and Florian Apolloner. Squashed commit of the following: commit 3380495e93f5e81b80a251b03ddb0a80b17685f5 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sat Nov 23 14:18:07 2013 +0100 Looked up the template_fragments cache at runtime. commit 905a74f52b24a198f802520ff06290a94dedc687 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sat Nov 23 14:19:48 2013 +0100 Removed all uses of create_cache. Refactored the cache tests significantly. Made it safe to override the CACHES setting. commit 35e289fe9285feffed3c60657af9279a6a2cfccc Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sat Nov 23 12:23:57 2013 +0100 Removed create_cache function. commit 8e274f747a1f1c0c0e6c37873e29067f7fa022e8 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sat Nov 23 12:04:52 2013 +0100 Updated docs to describe a simplified cache backend API. commit ee7eb0f73e6d4699edcf5d357dce715224525cf6 Author: Curtis Maloney <curtis@tinbrain.net> Date: Sat Oct 19 09:49:24 2013 +1100 Fixed #21012 -- Thread-local caches, like databases.
2013-11-02	Correct flake8 E302 violations	Ray Ashman Jr

2013-11-02	Correct flake8 violation E261	Ray Ashman Jr

2013-11-01	Fixed spelling ("dependant" -> "dependent")	Tim Graham
	Dependent means reliant on. A dependant is a person like a child or spouse. Thanks Andrew Wilcox for the report.
2013-10-26	Fixed up some more flake8 violations (this particular violation still has ↵	Alex Gaynor
	many occurrences in the tests/ dir so it can't be removed from setup.cfg yet)
2013-08-30	Fixed #20989 -- Removed useless explicit list comprehensions.	Simon Charette

2013-08-29	Fixed #20989 -- Removed explicit list comprehension inside dict() and tuple()	Tim Graham
	Thanks jeroen.pulles at redslider.net for the suggestion and helper script.
2013-02-27	[py3] Always fed hashlib with bytes.	Łukasz Langa

2013-02-25	Fixed #18191 -- Don't consider Accept-Language redundantly in cache key.	Łukasz Langa
	Thanks to choongmin for the original patch.