chango.git - django

Age	Commit message (Collapse)	Author
2020-03-04	[2.2.x] Bumped version for 2.2.11 release.2.2.11	Mariusz Felisiak

2020-03-04	[2.2.x] Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS ↵	Mariusz Felisiak
	functions and aggregates on Oracle. Thanks to Norbert Szetei for the report.
2020-02-11	[2.2.x] Fixed #31246 -- Fixed locking models in ↵	Abhijeet Viswa
	QuerySet.select_for_update(of=()) for related fields and parent link fields with multi-table inheritance. Partly regression in 0107e3d1058f653f66032f7fd3a0bd61e96bf782. Backport of 1712a76b9dfda1ef220395e62ea87079da8c9f6c from master.
2020-02-03	[2.2.x] Post-release version bump.	Carlton Gibson

2020-02-03	[2.2.x] Bumped version for 2.2.10 release.2.2.10	Carlton Gibson

2020-01-26	[2.2.x] Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.	Simon Charette

2019-12-18	[2.2.x] Post-release version bump.	Mariusz Felisiak

2019-12-18	[2.2.x] Bumped version for 2.2.9 release.2.2.9	Mariusz Felisiak

2019-12-18	[2.2.x] Fixed CVE-2019-19844 -- Used verified user email for password reset ↵	Simon Charette
	requests. Backport of 5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70 from master. Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-11	[2.2.x] Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating ↵	Peter Andersen
	attrs. Backport of 02eff7ef60466da108b1a33f1e4dc01eec45c99d from master
2019-12-02	[2.2.x] Post-release version bump.	Carlton Gibson

2019-12-02	[2.2.x] Bumped version for 2.2.8 release.2.2.8	Carlton Gibson

2019-12-02	Fixed CVE-2019-19118 -- Required edit permissions on parent model for ↵	Carlton Gibson
	editable inlines in admin. Thank you to Shen Ying for reporting this issue.
2019-12-02	[2.2.x] Fixed #30953 -- Made select_for_update() lock queryset's model when ↵	Mariusz Felisiak
	using "self" with multi-table inheritance. Thanks Abhijeet Viswa for the report and initial patch. Backport of 0107e3d1058f653f66032f7fd3a0bd61e96bf782 from master
2019-11-29	[2.2.x] Fixed #31021 -- Fixed proxy model permissions data migration crash ↵	Mariusz Felisiak
	with a multiple databases setup. Regression in 98296f86b340c8c9c968375d59f1d3a3479e60c2. Backport of e8fcdaad5c428878d0a5d6ba820d957013f75595 from master
2019-11-26	[2.2.x] Fixed #31031 -- Fixed data loss in admin changelist view when ↵	Baptiste Mispelon
	formset's prefix contains regex special chars. Regression in b18650a2634890aa758abae2f33875daa13a9ba3. Backport of 52936efacec4df05df2d9872c09c3332335bf21b from master
2019-11-18	[2.2.x] Fixed #30990 -- Fixed example output in 'z' date format docs.	Baptiste Mispelon
	Backport of 1185c6172b4dd5482b7bc76b12d7a0588320e027 from master
2019-11-04	[2.2.x] Post-release version bump.	Mariusz Felisiak

2019-11-04	[2.2.x] Bumped version for 2.2.7 release.2.2.7	Mariusz Felisiak

2019-11-04	[2.2.x] Fixed #30931 -- Restored ability to override Model.get_FIELD_display().	Carlton Gibson
	Thanks Sergey Fedoseev for the implementation idea. Regression in a68ea231012434b522ce45c513d84add516afa60. Backport of 2d38eb0ab9f78d68c083a5b78b1eca39027b279a from master
2019-10-24	[2.2.x] Fixed #30903 -- Fixed migrations crash on PostgreSQL when adding ↵	Hannes Ljungberg
	Index with opclasses and ordering. Backport of fa5f3291e7f2611d53e64ab481ebe951b0161791 from master
2019-10-14	[2.2.x] Fixed #30870 -- Fixed showing that RunPython operations are ↵	Mariusz Felisiak
	irreversible by migrate --plan. Thanks Hasan Ramezani for the initial patch and Kyle Dickerson for the report. Backport of 06d34aab7cfb1632a1538a243db81f24498525ff from master.
2019-10-11	[2.2.x] Fixed #30826 -- Fixed crash of many JSONField lookups when one hand ↵	Louise Grandjonc
	side is key transform. Regression in 6c3dfba89215fc56fc27ef61829a6fff88be4abb. Backport of 7d1bf29977bb368d7c28e7c6eb146db3b3009ae7 from master
2019-10-01	[2.2.x] Post-release version bump.	Carlton Gibson

2019-10-01	[2.2.x] Bumped version for 2.2.6 release.2.2.6	Carlton Gibson

2019-09-16	[2.2.x] Fixed #30769 -- Fixed a crash when filtering against a subquery ↵	Simon Charette
	JSON/HStoreField annotation. This was a regression introduced by 7deeabc7c7526786df6894429ce89a9c4b614086 to address CVE-2019-14234. Thanks Tim Kleinschmidt for the report and Mariusz for the tests. Backport of 6c3dfba89215fc56fc27ef61829a6fff88be4abb from master
2019-09-10	[2.2.x] Fixed #30754 -- Prevented inclusion of aliases in partial index ↵	Simon Charette
	conditions. SQLite doesn't repoint table aliases in partial index conditions on table rename which breaks the documented table alteration procedure. Thanks Pēteris Caune for the report. Backport of 34decdebf157b6f05836009cc1967f74ee541fdf from master
2019-09-02	[2.2.x] Post-release version bump.	Mariusz Felisiak

2019-09-02	[2.2.x] Bumped version for 2.2.5 release.2.2.5	Mariusz Felisiak

2019-08-27	[2.2.x] Fixed #30500 -- Fixed race condition in loading URLconf module.	Tom Forbes

2019-08-15	[2.2.x] Fixed #30449 -- Fixed ↵	zeyneloz
	RelatedFieldListFilter/RelatedOnlyFieldListFilter to respect model's Meta.ordering. Regression in 6d4e5feb79f7eabe8a0c7c4b87f25b1a7f87ca0b. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> Backport of 00035672a460b6eb5442d2837bc783f8af28c6f3 from master
2019-08-14	[2.2.x] Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms ↵	Mariusz Felisiak
	on expressions with params. Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387. Thanks Florian Apolloner for the report and helping with tests. Backport of 1f8382d34d54061eddc41df6994e20ee38c60907 from master.
2019-08-08	[2.2.x] Fixed #30673 -- Relaxed system check for db_table collision when ↵	Adnan Umer
	database routers are installed by turning the error into a warning. Backport of 8d3519071ec001f763b70a3a1f98ae2e980bd552 from master.
2019-08-01	[2.2.x] Post-release version bump.	Carlton Gibson

2019-08-01	[2.2.x] Bumped version for 2.2.4 release.2.2.4	Carlton Gibson

2019-07-29	[2.2.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in ↵	Florian Apolloner
	django.utils.encoding.uri_to_iri(). Thanks to Guido Vranken for initial report.
2019-07-29	[2.2.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and ↵	Mariusz Felisiak
	index lookups against SQL injection. Thanks to Sage M. Abdullah for the report and initial patch. Thanks Florian Apolloner for reviews.
2019-07-29	[2.2.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵	Florian Apolloner
	strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report.
2019-07-29	[2.2.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues ↵	Florian Apolloner
	when truncating HTML. Thanks to Guido Vranken for initial report.
2019-07-24	[2.2.x] Fixed #30647 -- Fixed crash of autoreloader when extra directory ↵	Tom Forbes
	cannot be resolved. Backport of fc75694257b5bceab82713f84fe5a1b23d641c3f from master.
2019-07-23	[2.2.x] Fixed #30506 -- Fixed crash of autoreloader when path contains null ↵	Tom Forbes
	characters. Backport of 2ff517ccb6116c1be6338e6bdcf08a313defc5c7 from master.
2019-07-10	[2.2.x] Fixed #30621 -- Fixed crash of __contains lookup for ↵	Mariusz Felisiak
	Date/DateTimeRangeField when the right hand side is the same type. Thanks Tilman Koschnick for the report and initial patch. Thanks Carlton Gibson for the review. Regression in 6b048b364ca1e0e56a0d3815bf2be33ac9998355. Backport of 7991111af12056ec9a856f35935d273526338c1f from master
2019-07-10	[2.2.x] Fixed #30628 -- Adjusted expression identity to differentiate bound ↵	Simon Charette
	fields. Expressions referring to different bound fields should not be considered equal. Thanks Julien Enselme for the detailed report. Regression in bc7e288ca9554ac1a0a19941302dea19df1acd21. Backport of ee6e93ec8727d0f5ed33190a3c354867669ed72f from master
2019-07-01	[2.2.x] Post-release version bump.	Mariusz Felisiak

2019-07-01	[2.2.x] Bumped version for 2.2.3 release.2.2.3	Mariusz Felisiak

2019-07-01	[2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵	Carlton Gibson
	SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
2019-06-29	[2.2.x] Updated translations from Transifex	Claude Paroz

2019-06-26	[2.2.x] Fixed #30588 -- Fixed crash of autoreloader when __main__ module ↵	Tom Forbes
	doesn't have __file__ attribute. Backport of 8454f6dea49dddb821bfcb7569ea222bb487dfd1 from master
2019-06-21	[2.2.x] Bumped minimum ESLint version to 4.18.2.	Markus Holtermann
	Backport of ad7b438002f1ab2a0ccb321012182991737ea84e from master.
2019-06-05	[2.2.x] Fixed #30542 -- Fixed crash of numerical aggregations with filter.	Étienne Beaulé
	Filters in annotations crashed when used with numerical-type aggregations (i.e. Avg, StdDev, and Variance). This was caused as the source expressions no not necessarily have an output_field (such as the filter field), which lead to an AttributeError: 'WhereNode' object has no attribute output_field. Thanks to Chuan-Zheng Lee for the report. Regression in c690afb873cac8035a3cb3be7c597a5ff0e4b261 and two following commits. Backport of 4b6dfe16226a81fea464ac5f77942f4d6ba266e8 from master.