| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-11-18 | [3.0.x] Fixed #30990 -- Fixed example output in 'z' date format docs. | Baptiste Mispelon | |
| Backport of 1185c6172b4dd5482b7bc76b12d7a0588320e027 from master | |||
| 2019-09-30 | [3.0.x] Fixed #28690 -- Fixed handling of two-digit years in parse_http_date(). | Ad Timmering | |
| Due to RFC7231 ayear that appears to be more than 50 years in the future are interpreted as representing the past. Backport of 7b5f8acb9e6395a1660dd7bfeb365866ca8ef47c from master | |||
| 2019-09-04 | Fixed #29714 -- Allowed using ExceptionReporter subclass with AdminEmailHandler. | Nasir Hussain | |
| 2019-09-02 | Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme(). | Carlton Gibson | |
| 2019-08-28 | Adjusted subprocess.run() calls to use arg list, rather than string. | Jon Dufresne | |
| The Python docs recommend passing a sequence to subprocess.run() when possible. Doing so allows for automatic escaping and quoting of arguments. https://docs.python.org/3/library/subprocess.html#frequently-used-arguments > args is required for all calls and should be a string, or a sequence > of program arguments. Providing a sequence of arguments is generally > preferred, as it allows the module to take care of any required > escaping and quoting of arguments (e.g. to permit spaces in file > names). Also removed `shell=True` where unnecessary. | |||
| 2019-08-28 | Refs #27795 -- Removed an unnecessary force_bytes() call in uri_to_iri(). | Jon Dufresne | |
| The value returned from urllib.parse.quote() is always a string, so can safely call .encode(). | |||
| 2019-08-23 | Replaced subprocess commands by run() wherever possible. | Claude Paroz | |
| 2019-08-16 | Fixed #30701 -- Updated patch_vary_headers() to handle an asterisk according ↵ | Adnan Umer | |
| to RFC 7231. | |||
| 2019-08-13 | Refs #30461 -- Added django.utils._os.to_path(). | Claude Paroz | |
| 2019-08-11 | Fixed #30677 -- Improved error message for urlencode() and Client when None ↵ | swatantra | |
| is passed as data. | |||
| 2019-08-01 | Removed unneeded ValueError catching in django.utils.text._replace_entity(). | Jon Dufresne | |
| The html.entities.name2codepoint dict contains only valid Unicode codepoints. Either the key exists and chr() will succeed or the key does not exist. | |||
| 2019-08-01 | Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in ↵ | Florian Apolloner | |
| django.utils.encoding.uri_to_iri(). Thanks to Guido Vranken for initial report. | |||
| 2019-08-01 | Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵ | Florian Apolloner | |
| strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report. | |||
| 2019-08-01 | Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when ↵ | Florian Apolloner | |
| truncating HTML. Thanks to Guido Vranken for initial report. | |||
| 2019-07-31 | Fixed #30160 -- Added support for LZMA and XZ templates to ↵ | Nick Pope | |
| startapp/startproject management commands. | |||
| 2019-07-31 | Refs #30160 -- Simplified archive extension map and added other aliases. | Nick Pope | |
| 2019-07-30 | Refs #30160 -- Made destination path a required argument of extract(). | Nick Pope | |
| 2019-07-24 | Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be ↵ | Tom Forbes | |
| resolved. | |||
| 2019-07-24 | Removed unused BaseReloader.watch_file(). | Mariusz Felisiak | |
| Unused since its introduction in c8720e7696ca41f3262d5369365cc1bd72a216ca. | |||
| 2019-07-23 | Fixed #30506 -- Fixed crash of autoreloader when path contains null characters. | Tom Forbes | |
| 2019-07-03 | Refs #30608 -- Added django.utils.encoding.punycode(). | Mariusz Felisiak | |
| 2019-07-02 | Fixed typos in comments and docs. | Min ho Kim | |
| 2019-07-01 | Removed unnecessary import in django/utils/autoreload.py. | PatOnTheBack | |
| 2019-06-26 | Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() ↵ | nsasaki128 | |
| decorator. | |||
| 2019-06-26 | Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't ↵ | Tom Forbes | |
| have __file__ attribute. | |||
| 2019-06-24 | Simplified handling of non-existent paths in autoreloader with ↵ | Tom Forbes | |
| Path.resolve(strict=True). | |||
| 2019-06-20 | Fixed #30451 -- Added ASGI handler and coroutine-safety. | Andrew Godwin | |
| This adds an ASGI handler, asgi.py file for the default project layout, a few async utilities and adds async-safety to many parts of Django. | |||
| 2019-06-11 | Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and ↵ | Jon Dufresne | |
| filesizeformat filters. intword and filesizeformat passed floats to ngettext() which is deprecated in Python 3.7. The rationale for this warning is documented in BPO-28692: https://bugs.python.org/issue28692. For filesizeformat, the filesize value is expected to be an int -- it fills %d string formatting placeholders. It was likely coerced to a float to ensure floating point division on Python 2. Python 3 always does floating point division, so coerce to an int instead of a float to fix the warning. For intword, the number may contain a decimal component. In English, a decimal component makes the noun plural. A helper function, round_away_from_one(), was added to convert the float to an integer that is appropriate for ngettext(). | |||
| 2019-05-29 | Fixed #30523 -- Fixed updating file modification times on seen files in ↵ | Tom Forbes | |
| auto-reloader when using StatReloader. Previously we updated the file mtimes if the file has not been seen before - i.e on the first iteration of the loop. If the mtime has been changed we triggered the notify_file_changed() method which in all cases except the translations will result in the process being terminated. To be strictly correct we need to update the mtime for either branch of the conditional. Regression in 6754bffa2b2df15a741008aa611c1bb0e8dff22b. | |||
| 2019-05-29 | Fixed #30516 -- Fixed crash of autoreloader when re-raising exceptions with ↵ | Tom Forbes | |
| custom signature. Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca. | |||
| 2019-05-28 | Fixed #30479 -- Fixed detecting changes in manage.py by autoreloader when ↵ | Tom Forbes | |
| using StatReloader. Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca. | |||
| 2019-05-27 | Refs #30485 -- Avoided unnecessary instance checks in urlencode. | Simon Charette | |
| Given doseq defaults to False it should avoid an unnecessary instance check in most cases. | |||
| 2019-05-24 | Fixed #30485 -- Adjusted django.utils.http.urlencode for doseq=False case. | Johan Lübcke | |
| 2019-05-22 | Fixed #30498 -- Fixed proxy class caching in lazy(). | Ran Benita | |
| lazy() should prepare the proxy class only once (the first time it's used) not on every call. Regression in b4e76f30d12bfa8a53cc297c60055c6f4629cc4c. | |||
| 2019-05-20 | Fixed #27635 -- Used secrets module in django.utils.crypto. | Nick Pope | |
| 2019-05-20 | Refs #27635 -- Removed fallback when SystemRandom() isn't available that ↵ | Nick Pope | |
| doesn't work. Fallback was untested and likely never triggered. | |||
| 2019-05-15 | Refs #27685 -- Logged unexpected Watchman autoreloader errors. | Daniel Hahler | |
| 2019-05-08 | Refs #27753 -- Deprecated django.utils.text.unescape_entities(). | Jon Dufresne | |
| The function was undocumented and only required for compatibility with Python 2. Code should use Python's html.unescape() that was added in Python 3.4. | |||
| 2019-05-03 | Ignored pywatchman.SocketTimeout in Watchman autoreloader. | Daniel Hahler | |
| Bumped minimum supported pywatchman version to 1.2.0. These exceptions don't require checking a server status. | |||
| 2019-04-29 | Fixed #30323 -- Fixed detecting changes by autoreloader when using StatReloader. | Tom Forbes | |
| 2019-04-29 | Refs #30323 -- Prevented crash of autoreloader when ↵ | Tom Forbes | |
| get_resolver().urlconf_module raising an exception. | |||
| 2019-04-29 | Refs #30323 -- Simplified utils.autoreload.ensure_echo_on(). | Tom Forbes | |
| 2019-04-26 | Fixed #30361 -- Increased the default timeout of watchman client to 5 ↵ | Jacob Green | |
| seconds and made it customizable. Made the default timeout of watchman client customizable via DJANGO_WATCHMAN_TIMEOUT environment variable. | |||
| 2019-04-25 | Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use ↵ | Jon Dufresne | |
| html.escape()/unescape(). | |||
| 2019-04-13 | Fixed #30363 -- Do not use exponential notation for small decimal numbers. | Sjoerd Job Postmus | |
| In 9cc6a60040b0f64f8ea066dd215176d4bd16621d a security patch was introduced to prevent allocating large segments of memory when a very large or very small decimal number was to be formatted. As a side-effect, there was a change in formatting of small decimal numbers even when the `decimal_pos` argument was provided, which meant that reasonable small decimal numbers (above 1e-199) would be formatted as `0.00`, while smaller decimal numbers (under 1e-200) would be formatted as `1e-200`. | |||
| 2019-03-28 | Fixed "byte string" typo in various docs and comments. | Mariusz Felisiak | |
| 2019-02-27 | Fixed #30215 -- Fixed autoreloader crash for modules without __spec__. | shiningfm | |
| Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca. | |||
| 2019-02-25 | Refs #27685 -- Removed "watchman unavailable" message. | Tom Forbes | |
| 2019-02-25 | Refs #30179 -- Moved topological sort functions to django.utils. | Matthias Kestenholz | |
| 2019-02-23 | Fixed #30141 -- Fixed parse_duration() for some negative durations. | Seunghun Lee | |
