summaryrefslogtreecommitdiff
path: root/django/utils/log.py
AgeCommit message (Collapse)Author
2026-03-16Fixed #36894 -- Added TypeError for conflicting arguments in mail APIs.Praful Gulani
A TypeError is now raised if fail_silently=True, auth_user, or auth_password are provided along a connection. Updated AdminEmailHandler in django.utils.log to remove redundant fail_silently=True. Thanks Mike Edmunds for the report and Jacob Tyler Walls for the review.
2025-10-20Fixed #36470 -- Prevented log injection in runserver when handling NOT FOUND.YashRaj1506
Migrated `WSGIRequestHandler.log_message()` to use a more robust `log_message()` helper, which was based of `log_response()` via factoring out the common bits. Refs CVE-2025-48432. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-06-04Fixed CVE-2025-48432 -- Escaped formatting arguments in `log_response()`.Natalia
Suitably crafted requests containing a CRLF sequence in the request path may have allowed log injection, potentially corrupting log files, obscuring other attacks, misleading log post-processing tools, or forging log entries. To mitigate this, all positional formatting arguments passed to the logger are now escaped using "unicode_escape" encoding. Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report. Co-authored-by: Carlton Gibson <carlton@noumenal.es> Co-authored-by: Jake Howard <git@theorangeone.net>
2024-04-12Fixed #35364 -- Stopped AdminEmailHandler rendering email unnecessarily.Adam Johnson
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-01-12Changed django.utils.log.log_response() to take exception instance.Adam Johnson
There's little point retrieving a fresh reference to the exception in the legacy tuple format, when it's all available via the exception instance we already have.
2021-06-30Refs #32880 -- Moved logging reference to new document.Daniele Procida
Completed a first step in moving reference and how-to material out of the topic document.
2020-04-16Fixed #29329 -- Made datetime logging from runserver more consistent.Hasan Ramezani
Setting default_msec_format=None will make it the same, unfortunately it's not supported by Python, see https://bugs.python.org/issue40300.
2020-01-16Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports.Pavel Lysak
2019-09-04Fixed #29714 -- Allowed using ExceptionReporter subclass with AdminEmailHandler.Nasir Hussain
2018-05-04Fixed #26688 -- Fixed HTTP request logging inconsistencies.Samir Shah
* Added logging of 500 responses for instantiated responses. * Added logging of all 4xx and 5xx responses.
2017-12-07Refs #23919 -- Replaced super() calls for old-style classes.Nick Pope
2017-11-18Fixed #28810 -- Replaced '%' style logging formatting with str.format() style.Chris Lamb
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-09-27Fixed #27271 -- Fixed a crash in runserver logging.Sergey Fursov
Allowed ServerFormatter to handle simple string messages or messages with formatting arguments. The formatter will set the server_time variable on the log record if it's required by the format string but wasn't passed in extra parameters.
2016-05-10Stopped truncating AdminEmailHandler message subjectsClaude Paroz
Refs #26572, #17281. The RFC doesn't limit total length, just the line length which is already taken care of by Python itself. Thanks Tim Graham for the review.
2016-01-14Fixed #25999 -- Removed promotion of RemovedInNextVersionWarning to loud by ↵Tim Graham
default.
2016-01-11Fixed #25684 -- Made runserver use logging for request/response output.Flavio Curella
Thanks andreif for the contributing to the patch.
2015-11-07Amended comment to remove reference to the no longer used NullHandlerNeal Todd
2015-09-23Refs #24526 -- Made the django logger handle INFO messages.Tim Graham
Without an explicit 'level', only messages at WARNING or higher are handled. This makes the config consistent with the docs which say, "The django catch-all logger sends all messages at the INFO level or higher to the console."
2015-08-31Fixed #25331 -- Removed trailing blank lines in docstrings.Maxime Lorant
2015-07-13Fixed #25099 -- Cleaned up HttpRequest representations in error reporting.Vlastimil Zíma
2015-05-07Fixed logging regression introduced in bbe28496d32f76ca161f5c33787d6ad62267fcc6Tim Graham
2015-04-24Fixed #24526 -- Combined django.request/security loggers with the root logger.Tim Graham
Thanks Carl Meyer for review.
2015-03-24Removed getLogger alias in django.utils.log.Tim Graham
2015-03-24Removed the null handler in Django's default logging config.Tim Graham
It's unused since f0f327bb.
2015-02-05Removed old import aliases.Tim Graham
2014-12-03Removed redundant numbered parameters from str.format().Berker Peksag
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-11-15Fixed #22407 -- Added AdminEmailHandler.send_mail().Berker Peksag
2014-10-06Fixed #23593 -- Fixed crash in AdminEmailHandler with non-ASCII characters ↵Tim Graham
in request. Thanks edevil for the report and Simon Charette for review.
2014-09-30Fixed #23569 -- Allowed using configs besides dictConfig in LOGGING_CONFIG.Seth Hill
2014-03-30Corrected many style guide violations that the newest version of flake8 catchesAlex Gaynor
2014-03-08Avoided changing raw DeprecationWarning filter behaviorClaude Paroz
Refs #21188. Now pure Python DeprecationWarning visibility should be back to Python defaults.
2014-02-08Fixed #21674 -- Deprecated the import_by_path() function in favor of ↵Berker Peksag
import_string(). Thanks Aymeric Augustin for the suggestion and review.
2013-12-31Fixed #21714 -- Moved logging configuration to global setup()Claude Paroz
Thanks Aymeric Augustin for the report and the review.
2013-11-02Fixed #21302 -- Fixed unused imports and import *.Tim Graham
2013-09-13Fixed #20844 -- Made AdminEmailHandler respect LOGGING 'formatter' setting.Daniel Sokolowski
2013-07-01Relied on NullHandler from the logging stdlib module.Aymeric Augustin
2013-07-01Deprecated django.utils.dictconfig.Aymeric Augustin
The module still exists for whoever uses it in its current state, but it isn't imported by Django anywhere.
2013-05-26Replaced `and...or...` constructs with PEP 308 conditional expressions.Ramiro Morales
2013-05-25Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.Preston Holmes
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
2013-05-17Replaced an antiquated pattern.Aymeric Augustin
Thanks Lennart Regebro for pointing it out.
2013-01-21Fixed #19637 -- Ensured AdminEmailHandler fails silentlyClaude Paroz
Thanks lsaffre for the report. Refs #19325.
2012-12-29Removed backwards-compatibility shim for #16288.Aymeric Augustin
Also unit-tested django.utils.log.RequireDebugTrue for consistency.
2012-11-20Fixed #19325 - Made email backend of AdminEmailHandler configurableHannes Struss
2012-11-16Fixed #18985 -- made DeprecationWarnings loudPreston Holmes
Capture warnings in Python >= 2.7 and route through console handler, which is subject to DEBUG==True Thanks to dstufft for the idea, and claudep for initial patch
2012-11-12Negligible spacing fix in utils/log.pyAdrian Holovaty
2012-09-29Moved filter at handler levelClaude Paroz
Filters at logger level are only processed for messages directly logged to the specific logger, not for loggers in the parent chain. As the 'django' logger is almost always processed as an inherited logger, it makes more sense to filter messages at the 'console' handler level.
2012-09-29Fixed #18993 -- 'django' logger logs to console when DEBUG=TrueClaude Paroz
Thanks Preston Holmes for the review.
generated by cgit v1.3 (git 2.53.0) at 2026-06-30 23:03:08 +0000