summaryrefslogtreecommitdiff
path: root/django
AgeCommit message (Collapse)Author
2019-09-02[2.2.x] Bumped version for 2.2.5 release.2.2.5Mariusz Felisiak
2019-08-27[2.2.x] Fixed #30500 -- Fixed race condition in loading URLconf module.Tom Forbes
2019-08-15[2.2.x] Fixed #30449 -- Fixed ↵zeyneloz
RelatedFieldListFilter/RelatedOnlyFieldListFilter to respect model's Meta.ordering. Regression in 6d4e5feb79f7eabe8a0c7c4b87f25b1a7f87ca0b. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> Backport of 00035672a460b6eb5442d2837bc783f8af28c6f3 from master
2019-08-14[2.2.x] Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms ↵Mariusz Felisiak
on expressions with params. Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387. Thanks Florian Apolloner for the report and helping with tests. Backport of 1f8382d34d54061eddc41df6994e20ee38c60907 from master.
2019-08-08[2.2.x] Fixed #30673 -- Relaxed system check for db_table collision when ↵Adnan Umer
database routers are installed by turning the error into a warning. Backport of 8d3519071ec001f763b70a3a1f98ae2e980bd552 from master.
2019-08-01[2.2.x] Post-release version bump.Carlton Gibson
2019-08-01[2.2.x] Bumped version for 2.2.4 release.2.2.4Carlton Gibson
2019-07-29[2.2.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in ↵Florian Apolloner
django.utils.encoding.uri_to_iri(). Thanks to Guido Vranken for initial report.
2019-07-29[2.2.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and ↵Mariusz Felisiak
index lookups against SQL injection. Thanks to Sage M. Abdullah for the report and initial patch. Thanks Florian Apolloner for reviews.
2019-07-29[2.2.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵Florian Apolloner
strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report.
2019-07-29[2.2.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues ↵Florian Apolloner
when truncating HTML. Thanks to Guido Vranken for initial report.
2019-07-24[2.2.x] Fixed #30647 -- Fixed crash of autoreloader when extra directory ↵Tom Forbes
cannot be resolved. Backport of fc75694257b5bceab82713f84fe5a1b23d641c3f from master.
2019-07-23[2.2.x] Fixed #30506 -- Fixed crash of autoreloader when path contains null ↵Tom Forbes
characters. Backport of 2ff517ccb6116c1be6338e6bdcf08a313defc5c7 from master.
2019-07-10[2.2.x] Fixed #30621 -- Fixed crash of __contains lookup for ↵Mariusz Felisiak
Date/DateTimeRangeField when the right hand side is the same type. Thanks Tilman Koschnick for the report and initial patch. Thanks Carlton Gibson for the review. Regression in 6b048b364ca1e0e56a0d3815bf2be33ac9998355. Backport of 7991111af12056ec9a856f35935d273526338c1f from master
2019-07-10[2.2.x] Fixed #30628 -- Adjusted expression identity to differentiate bound ↵Simon Charette
fields. Expressions referring to different bound fields should not be considered equal. Thanks Julien Enselme for the detailed report. Regression in bc7e288ca9554ac1a0a19941302dea19df1acd21. Backport of ee6e93ec8727d0f5ed33190a3c354867669ed72f from master
2019-07-01[2.2.x] Post-release version bump.Mariusz Felisiak
2019-07-01[2.2.x] Bumped version for 2.2.3 release.2.2.3Mariusz Felisiak
2019-07-01[2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵Carlton Gibson
SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
2019-06-29[2.2.x] Updated translations from TransifexClaude Paroz
2019-06-26[2.2.x] Fixed #30588 -- Fixed crash of autoreloader when __main__ module ↵Tom Forbes
doesn't have __file__ attribute. Backport of 8454f6dea49dddb821bfcb7569ea222bb487dfd1 from master
2019-06-21[2.2.x] Bumped minimum ESLint version to 4.18.2.Markus Holtermann
Backport of ad7b438002f1ab2a0ccb321012182991737ea84e from master.
2019-06-05[2.2.x] Fixed #30542 -- Fixed crash of numerical aggregations with filter.Étienne Beaulé
Filters in annotations crashed when used with numerical-type aggregations (i.e. Avg, StdDev, and Variance). This was caused as the source expressions no not necessarily have an output_field (such as the filter field), which lead to an AttributeError: 'WhereNode' object has no attribute output_field. Thanks to Chuan-Zheng Lee for the report. Regression in c690afb873cac8035a3cb3be7c597a5ff0e4b261 and two following commits. Backport of 4b6dfe16226a81fea464ac5f77942f4d6ba266e8 from master.
2019-06-03[2.2.x] Post-release version bump.Carlton Gibson
2019-06-03[2.2.x] Bumped version for 2.2.2 release.2.2.2Carlton Gibson
2019-06-03[2.2.x] Applied jQuery patch for CVE-2019-11358.Carlton Gibson
Backport of 34ec52269ade54af31a021b12969913129571a3f from master.
2019-06-03[2.2.x] Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before ↵Carlton Gibson
rendering clickable link. Backport of deeba6d92006999fee9adfbd8be79bf0a59e8008 from master.
2019-05-29[2.2.x] Fixed #30523 -- Fixed updating file modification times on seen files ↵Tom Forbes
in auto-reloader when using StatReloader. Previously we updated the file mtimes if the file has not been seen before - i.e on the first iteration of the loop. If the mtime has been changed we triggered the notify_file_changed() method which in all cases except the translations will result in the process being terminated. To be strictly correct we need to update the mtime for either branch of the conditional. Regression in 6754bffa2b2df15a741008aa611c1bb0e8dff22b. Backport of 480492fe70b0bb7df61c00854dc8535c9d21ba64 from master
2019-05-29[2.2.x] Fixed #30516 -- Fixed crash of autoreloader when re-raising ↵Tom Forbes
exceptions with custom signature. Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca. Backport of 0344565179527d80990e2247e3be7c04aa8c43c8 from master
2019-05-28[2.2.x] Fixed #30315 -- Fixed crash of ArrayAgg and StringAgg with ordering ↵Caio Ariede
when used in Subquery. Backport of a3f91891d2c7f4bdc33f48ae70820ef6f36da26e from master.
2019-05-28[2.2.x] Fixed #30479 -- Fixed detecting changes in manage.py by autoreloader ↵Tom Forbes
when using StatReloader. Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca. Backport of b2790f74d4f38c8b297b7c1cef6875d2378f6fa6 from master
2019-05-20[2.2.x] Fixed #30488 -- Removed redundant Coalesce call in SQL generated by ↵Thomasina Lee
SearchVector. Regression in 405c8363362063542e9e79beac53c8437d389520. Backport of c38e7a79f4354ee831f92deb7a658fc0387e3bec from master
2019-05-18[2.2.x] Fixed #30463 -- Fixed crash of deprecation message when ↵ruchit2801
Meta.ordering contains expressions. Regression in 1b1f64ee5a78cc217fead52cbae23114502cf564. Backport of 04042b2b440f0bf50eb908d52cfe76af430e1738 from master
2019-05-17[2.2.x] Fixed #30459 -- Delegated hide/show JS toggle to parent div.Claude Paroz
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Backport of e286987a27271c8ee7eb6e4d4332b563c4e6094b from master
2019-05-07[2.2.x] Fixed #26678 -- Doc'd that RelatedManager.add()/remove()/set() ↵Tobias Kunze
accepts the field the relation points to. Backport of a44a21a22f20c1a710670676fcca798dd6bb5ac0 from master
2019-05-03[2.2.x] Refs #20122 -- Corrected documentation of pluralize template filter.Tobias Kunze
Backport of e3968df527c4d378677f4784fb1bc0c86950fcf8 from master
2019-05-01[2.2.x] Post-release version bump.Mariusz Felisiak
2019-05-01[2.2.x] Bumped version for 2.2.1 release.2.2.1Mariusz Felisiak
2019-04-30[2.2.x] Fixed #30412 -- Fixed crash when adding check constraints with OR'ed ↵can
condition on Oracle and SQLite. Backport of 719b7466203181066d9537d2e3bec687dffc9f41 from master
2019-04-30[2.2.x] Fixed #30408 -- Fixed crash when adding check constraints with LIKE ↵Simon Charette
operator on Oracle and PostgreSQL. The LIKE operator wildcard generated for contains, startswith, endswith and their case-insensitive variant lookups was conflicting with parameter interpolation on CREATE constraint statement execution. Ideally we'd delegate parameters interpolation in DDL statements on backends that support it but that would require backward incompatible changes to the Index and Constraint SQL generating methods. Thanks David Sanders for the report. Backport of a8b3f96f6acfa082f99166e0a1cfb4b0fbc0eace from master
2019-04-29[2.2.x] Fixed #30323 -- Fixed detecting changes by autoreloader when using ↵Tom Forbes
StatReloader. Backport of 6754bffa2b2df15a741008aa611c1bb0e8dff22b from master
2019-04-29[2.2.x] Refs #30323 -- Prevented crash of autoreloader when ↵Tom Forbes
get_resolver().urlconf_module raising an exception. Backport of 0636d4d2aa6e4469198fdf662225ad862e60c5e3 from master
2019-04-27[2.2.x] Fixed #30351 -- Handled pre-existing permissions in proxy model ↵Carlton Gibson
permissions data migration. Regression in 181fb60159e54d442d3610f4afba6f066a6dac05. Backport of 98296f86b340c8c9c968375d59f1d3a3479e60c2 from master
2019-04-26[2.2.x] Fixed #30361 -- Increased the default timeout of watchman client to ↵Jacob Green
5 seconds and made it customizable. Made the default timeout of watchman client customizable via DJANGO_WATCHMAN_TIMEOUT environment variable. Backport of ed3c59097a01ed3f32f8a8bed95307fb5c181251 from master
2019-04-26[2.2.x] Fixed #30312 -- Relaxed admin check from django.contrib.sessions to ↵Aarni Koskela
SessionMiddleware subclasses. Backport of efeceba589974b95b35b2e25df86498c96315518 from master
2019-04-25[2.2.x] Fixed #30318 -- Added check for importability of arguments of custom ↵Alasdair Nicol
error handler views. Thanks to Jon on Stack Overflow for reporting the issue. Backport of a5accc0368c6575b55976c06af36ed399c85c781 from master
2019-04-23[2.2.x] Fixed #30385 -- Restored SearchVector(config) immutability.Simon Charette
Regression in 1a28dc3887e8d66d5e3ff08cf7fb0a6212b873e5. The usage of CONCAT to allow SearchVector to deal with non-text fields made the generated expression non-IMMUTABLE which prevents a functional index to be created for it. Using a combination of COALESCE and ::text makes sure the expression preserves its immutability. Refs #29582. Thanks Andrew Brown for the report, Nick Pope for the review. Backport of 405c8363362063542e9e79beac53c8437d389520 from master
2019-04-19[2.2.x] Fixed #30328 -- Fixed crash of IntegerField.validators when ↵Scott Fitsimones
limit_value in a custom validator is callable. Backport of a14c0fda15db7e0eb982ac7b68d47b45fc95b4cb from master
2019-04-18[2.2.x] Fixed #30335, #29139 -- Fixed crash when ordering or aggregating ↵can
over a nested JSONField key transform. Backport of d87bd29c4f8dfcdf3f4a4eb8340e6770a2416fe3 from master.
2019-04-15[2.2.x] Fixed #30325 -- Reverted "Fixed #29725 -- Removed unnecessary join ↵Mariusz Felisiak
in QuerySet.count() and exists() on a many-to-many relation." This reverts commit 1299421cadc4fcf63585f2f88337078e43e660e0 due to a regression with custom managers. Backport of 5f7991c42cff73b6278106d499d719b726f85ead from master
2019-04-14[2.2.x] Fixed #30350 -- Prevented recreation of migration for operations ↵Florian Apolloner
with a range object. Thanks to Mariusz Felisiak for helping with the patch. Backport of 2e38f2015aba224b68a91a3012b87223f3046bb6 from master.