path: root/django
Age         Author                      Commit message (tag)
2023-02-14  Carlton Gibson  (tag: 3.2.18)
    [3.2.x] Bumped version for 3.2.18 release.

2023-02-07  Markus Holtermann
    [3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.
    Thanks to Jakob Ackermann for the report.

2023-02-01  Mariusz Felisiak
    [3.2.x] Post-release version bump.

2023-02-01  Mariusz Felisiak  (tag: 3.2.17)
    [3.2.x] Bumped version for 3.2.17 release.

2023-02-01  Nick Pope
    [3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
    The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Accept-Language headers are now limited to a maximum length in order to avoid this issue.

2022-10-04  Carlton Gibson
    [3.2.x] Post-release version bump.

2022-10-04  Carlton Gibson  (tag: 3.2.16)
    [3.2.x] Bumped version for 3.2.16 release.

2022-09-27  Adam Johnson
    [3.2.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions.
    Thanks to Benjamin Balder Bach for the report.

2022-08-03  Carlton Gibson
    [3.2.x] Post-release version bump.

2022-08-03  Carlton Gibson  (tag: 3.2.15)
    [3.2.x] Bumped version for 3.2.15 release.

2022-08-03  Carlton Gibson
    [3.2.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header.
    Thanks to Motoyasu Saburi for the report.

2022-08-01  Mariusz Felisiak
    [3.2.x] Fixed collation tests on MySQL 8.0.30+.
    The utf8_* collations are renamed to utf8mb3_* on MySQL 8.0.30+.
    Backport of 88dba2e3fd64b64bcf4fae83b256b4f6f492558f from main.

2022-08-01  Mariusz Felisiak
    [3.2.x] Fixed inspectdb and schema tests on MariaDB 10.6+.
    The utf8 character set (and related collations) is by default an alias for utf8mb3 on MariaDB 10.6+.
    Backport of 355ecd141671e34853d1ff99ffdb1a7fb95b4276 from main.

2022-07-04  Mariusz Felisiak
    [3.2.x] Post-release version bump.

2022-07-04  Mariusz Felisiak  (tag: 3.2.14)
    [3.2.x] Bumped version for 3.2.14 release.

2022-07-04  Mariusz Felisiak
    [3.2.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection.
    Thanks Takuto Yoshikai (Aeye Security Lab) for the report.

2022-04-11  Mariusz Felisiak
    [3.2.x] Post-release version bump.

2022-04-11  Mariusz Felisiak  (tag: 3.2.13)
    [3.2.x] Bumped version for 3.2.13 release.

2022-04-11  Mariusz Felisiak
    [3.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.
    Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.

2022-04-11  Mariusz Felisiak
    [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
    Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report.
    Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.

2022-04-11  Manel Clos
    [3.2.x] Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
    Regression in 68357b2ca9e88c40fc00d848799813241be39129.
    Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main.

2022-02-01  Mariusz Felisiak
    [3.2.x] Post-release version bump.

2022-02-01  Mariusz Felisiak  (tag: 3.2.12)
    [3.2.x] Bumped version for 3.2.12 release.
2022-02-01  Mariusz Felisiak
    [3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possibility in file uploads.
    Thanks Alan Ryan for the report and initial patch.
    Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
2022-02-01  Markus Holtermann
    [3.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
    Thanks Keryn Knight for the report.
    Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main.
    Co-authored-by: Adam Johnson <me@adamj.eu>

2022-01-04  Carlton Gibson
    [3.2.x] Post-release version bump.

2022-01-04  Carlton Gibson  (tag: 3.2.11)
    [3.2.x] Bumped version for 3.2.11 release.

2022-01-04  Florian Apolloner
    [3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
    Thanks to Dennis Brinkrolf for the report.

2022-01-04  Florian Apolloner
    [3.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
    Thanks to Dennis Brinkrolf for the report.
    Co-authored-by: Adam Johnson <me@adamj.eu>

2022-01-04  Florian Apolloner
    [3.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
    Thanks Chris Bailey for the report.
    Co-authored-by: Adam Johnson <me@adamj.eu>

2021-12-07  Mariusz Felisiak
    [3.2.x] Post-release version bump.

2021-12-07  Mariusz Felisiak  (tag: 3.2.10)
    [3.2.x] Bumped version for 3.2.10 release.

2021-12-07  Florian Apolloner
    [3.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.
    Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.
    Backport of d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6 from main.

2021-12-03  Mariusz Felisiak
    [3.2.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField on PostgreSQL.
    This makes models.BinaryField pickleable on PostgreSQL.
    Regression in 3cf80d3fcf7446afdde16a2be515c423f720e54d.
    Thanks Adam Zimmerman for the report.
    Backport of 2c7846d992ca512d36a73f518205015c88ed088c from main.

2021-11-01  Mariusz Felisiak
    [3.2.x] Post-release version bump.

2021-11-01  Mariusz Felisiak  (tag: 3.2.9)
    [3.2.x] Bumped version for 3.2.9 release.

2021-10-18  Hannes Ljungberg
    [3.2.x] Fixed #33194 -- Fixed migrations when altering a field with functional indexes on SQLite.
    This adjusts Expressions.rename_table_references() to only update alias when needed.
    Regression in 83fcfc9ec8610540948815e127101f1206562ead.
    Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
    Backport of 86971c40909430a798e4e55b140004c4b1fb02ff from main.

2021-10-05  Mariusz Felisiak
    [3.2.x] Refs #32074 -- Used asyncio.get_running_loop() instead of get_event_loop() on Python 3.7+.
    Using asyncio.get_event_loop() when there is no running event loop was deprecated in Python 3.10, see https://bugs.python.org/issue39529.

2021-10-05  Mariusz Felisiak
    [3.2.x] Refs #32074 -- Fixed find_module()/find_loader() warnings on Python 3.10+.
    Backport of f1bcaa9be8227dce89a320ce1ca37e1df7c80d03 from main.

2021-10-05  Karthikeyan Singaravelan
    [3.2.x] Refs #32074 -- Removed usage of deprecated Thread.setDaemon().
    Thread.setDaemon() was deprecated in Python 3.10 and will be removed in Python 3.12.
    Backport of f9f6bd63c98dc2f01412887f4a98dbfdab363fdf from main.

2021-10-05  Mariusz Felisiak
    [3.2.x] Refs #32074 -- Removed usage of Python's deprecated distutils.version package.
    The distutils package was formally deprecated in Python 3.10 and will be removed in Python 3.12.
    Backport of b8c9e9fae14676d2e81242cb8df1e2eeef9c3a2d from main.

2021-10-05  Carlton Gibson
    [3.2.x] Post-release version bump.

2021-10-05  Carlton Gibson  (tag: 3.2.8)
    [3.2.x] Bumped version for 3.2.8 release.

2021-09-21  Carlton Gibson
    [3.2.x] Fixed #33083 -- Fixed selecting all items in the admin changelist when actions are both top and bottom.
    Thanks Benjamin Locher for the report.
    Regression in 30e59705fc3e3e9e8370b965af794ad6173bf92b.
    Backport of b0ed619303d2fb723330ca9efa3acf23d49f1d19 from main.

2021-09-18  Ken Whitesell
    [3.2.x] Fixed #33077 -- Fixed links to related models for admin's readonly fields in custom admin site.
    Backport of 0a9aa02e6f1d1b9ceca155d281a2be624bb1d3a2 from main.

2021-09-01  Mariusz Felisiak
    [3.2.x] Post-release version bump.

2021-09-01  Mariusz Felisiak  (tag: 3.2.7)
    [3.2.x] Bumped version for 3.2.7 release.

2021-08-30  Carlton Gibson
    [3.2.x] Fixed #32992 -- Restored offset extraction for fixed offset timezones.
    Regression in 10d126198434810529e0220b0c6896ed64ca0e88.
    Backport of cbba49971bbbbe3e8c6685e4ce6ab87b1187ae87 from main.

2021-08-23  Märt Häkkinen
    [3.2.x] Fixed #33030 -- Fixed broken links to GDAL docs.
    Backport of ed317e79e355bd3aacb1393b821df7b1a7267ebc from main.

2021-08-02  Carlton Gibson
    [3.2.x] Post-release version bump.