| Age | Commit message | Author |
|
|
See DEP 0018.
Added:
* MAILERS setting.
* django.core.mail.mailers dict-like EmailBackend factory.
* `using` argument to mail sending APIs.
* `sent_using` attribute to mail.outbox messages in locmem backend.
* MAILERS in startproject settings template, set to console backend.
* AdminLogHandler.using argument.
* BrokenLinkEmailsMiddleware.send_mail() method.
Updated:
* BaseEmailBackend to track the MAILERS alias used to construct it, and
to report errors for unknown kwargs (OPTIONS).
* EmailBackend implementations to initialize from kwargs (OPTIONS) only
when MAILERS is being used.
* smtp.EmailBackend to require `host` option and to default `port`
option based on SSL/TLS options.
* SimpleTestCase setup to substitute the locmem backend for all defined
MAILERS configurations.
* Django's tests that send mail to define MAILERS.
Deprecated:
* EMAIL_BACKEND and other backend-related EMAIL_* settings.
* mail.get_connection().
* The `connection`, `fail_silently`, `auth_user`, and `auth_password`
arguments to mail functions.
* The EmailMessage.connection attribute.
* BaseEmailBackend support for `fail_silently`. Backends that support
fail_silently (SMTP, console, file) now implement it directly.
* AdminEmailHandler.email_backend argument.
Removed undocumented features without deprecation:
* EmailMessage.get_connection() method. (send() now raises an error if a
subclass has attempted to override it.)
* EmailMessage.send() no longer sets self.connection to the connection
used for sending. (It still _uses_ a pre-existing self.connection.)
* AdminEmailHandler.connection() method. (Init now raises an error if a
subclass has attempted to override it.)
Thanks to Natalia Bidart for shepherding DEP 0018 and for extensive
reviews and suggestions on the implementation.
Thanks to Jacob Rief for the initial implementation and multiple
iterations while refining the design.
Co-authored-by: Jacob Rief <jacob.rief@gmail.com>
|
|
A TypeError is now raised if fail_silently=True, auth_user, or auth_password
are provided along with a connection.
Updated AdminEmailHandler in django.utils.log to remove redundant
fail_silently=True.
Thanks Mike Edmunds for the report and Jacob Tyler Walls for the review.
|
|
Migrated `WSGIRequestHandler.log_message()` to use a more robust
`log_message()` helper, which was based on `log_response()` via factoring out
the common bits.
Refs CVE-2025-48432.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Suitably crafted requests containing a CRLF sequence in the request
path may have allowed log injection, potentially corrupting log files,
obscuring other attacks, misleading log post-processing tools, or
forging log entries.
To mitigate this, all positional formatting arguments passed to the
logger are now escaped using "unicode_escape" encoding.
Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report.
Co-authored-by: Carlton Gibson <carlton@noumenal.es>
Co-authored-by: Jake Howard <git@theorangeone.net>
|
|
There's little point retrieving a fresh reference to the exception in
the legacy tuple format, when it's all available via the exception
instance we already have.
|
|
Completed a first step in moving reference and how-to material out of
the topic document.
|
|
Setting default_msec_format=None will make it the same; unfortunately,
it's not supported by Python, see https://bugs.python.org/issue40300.
|
|
* Added logging of 500 responses for instantiated responses.
* Added logging of all 4xx and 5xx responses.
|
|
Allowed ServerFormatter to handle simple string messages or messages with
formatting arguments. The formatter will set the server_time variable on
the log record if it's required by the format string but wasn't passed in
extra parameters.
|
|
Refs #26572, #17281. The RFC doesn't limit total length, just the line length
which is already taken care of by Python itself.
Thanks Tim Graham for the review.
|
|
default.
|
|
Thanks andreif for contributing to the patch.
|
|
Without an explicit 'level', only messages at WARNING or higher
are handled. This makes the config consistent with the docs
which say, "The django catch-all logger sends all messages at
the INFO level or higher to the console."
|
|
Thanks Carl Meyer for review.
|
|
It's unused since f0f327bb.
|
|
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
|
|
in request.
Thanks edevil for the report and Simon Charette for review.
|
|
Refs #21188. Now pure Python DeprecationWarning visibility should
be back to Python defaults.
|
|
import_string().
Thanks Aymeric Augustin for the suggestion and review.
|
|
Thanks Aymeric Augustin for the report and the review.
|
|
The module still exists for whoever uses it in its current state, but it
isn't imported by Django anywhere.
|
|
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.
Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
|
|
Thanks Lennart Regebro for pointing it out.
|
|
Thanks lsaffre for the report. Refs #19325.
|
|
Also unit-tested django.utils.log.RequireDebugTrue for consistency.
|
|
Capture warnings in Python >= 2.7 and route through
console handler, which is subject to DEBUG==True.
Thanks to dstufft for the idea, and claudep for initial patch.
|
|