summaryrefslogtreecommitdiff
path: root/django
AgeCommit message (Collapse)Author
2022-10-04[4.0.x] Bumped version for 4.0.8 release.4.0.8Carlton Gibson
2022-09-27[4.0.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as ↵Adam Johnson
regular expressions. Thanks to Benjamin Balder Bach for the report.
2022-08-03[4.0.x] Post-release version bump.Carlton Gibson
2022-08-03[4.0.x] Bumped version for 4.0.7 release.4.0.7Carlton Gibson
2022-08-03[4.0.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header.Carlton Gibson
Thanks to Motoyasu Saburi for the report.
2022-08-03[4.0.x] Fixed warnings per flake8 5.0.0.Mariusz Felisiak
Backport of c18861804feb6a97afbeabb51be748dd60a04458 from main.
2022-08-01[4.0.x] Fixed collation tests on MySQL 8.0.30+.Mariusz Felisiak
The utf8_ collations are renamed to utf8mb3_* on MySQL 8.0.30+. Backport of 88dba2e3fd64b64bcf4fae83b256b4f6f492558f from main
2022-07-04[4.0.x] Post-release version bump.Mariusz Felisiak
2022-07-04[4.0.x] Bumped version for 4.0.6 release.4.0.6Mariusz Felisiak
2022-07-04[4.0.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) ↵Mariusz Felisiak
against SQL injection. Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-06-01[4.0.x] Post-release version bump.Carlton Gibson
2022-06-01[4.0.x] Bumped version for 4.0.5 release.4.0.5Carlton Gibson
2022-05-21[4.0.x] Fixed #33725 -- Made hidden quick filter in admin's navigation ↵Sankalp
sidebar not focusable. Regression in d915dd1c5809d7c2bb3679751cd5277571dcd9f7. Follow up to 780473d75625d014cbe9b0acdea40b7a5970d5d8. Backport of 90dcf271147693a8897f644c4c8943c5b73c02f8 from main.
2022-05-19[4.0.x] Fixed #33705 -- Fixed crash when using IsNull() lookup in filters.David Wobrock
Thanks Florian Apolloner for the report. Thanks Simon Charette for the review. Backport of 9f5548952906c6ea97200c016734b4f519520a64 from main
2022-05-16[4.0.x] Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a ↵Mariusz Felisiak
connection pool. Thanks Ben Picolo for the report. Backport of d27e6b233f83c3429f21ff3c250a28ff302637ef from main
2022-04-11[4.0.x] Post-release version bump.Mariusz Felisiak
2022-04-11[4.0.x] Bumped version for 4.0.4 release.4.0.4Mariusz Felisiak
2022-04-11[4.0.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) ↵Mariusz Felisiak
against SQL injection on PostgreSQL. Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
2022-04-11[4.0.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), ↵Mariusz Felisiak
and extra() against SQL injection in column aliases. Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report. Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.
2022-04-11[4.0.x] Fixed #33628 -- Ignored directories with empty names in autoreloader ↵Manel Clos
check for template changes. Regression in 68357b2ca9e88c40fc00d848799813241be39129. Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main.
2022-03-30[4.0.x] Fixed #33598 -- Reverted "Removed unnecessary ↵Mariusz Felisiak
reuse_with_filtered_relation argument from Query methods." Thanks lind-marcus for the report. This reverts commit 0c71e0f9cfa714a22297ad31dd5613ee548db379. Regression in 0c71e0f9cfa714a22297ad31dd5613ee548db379. Backport of fac662f4798f7e4e0ed9be6b4fb4a87a80810a68 from main
2022-03-29[4.0.x] Updated Oracle docs links to Oracle 21c.Mariusz Felisiak
Backport of 83c803f161044fbfbfcd9a0c94ca93dc131be662 from main
2022-03-01[4.0.x] Post-release version bump.Carlton Gibson
2022-03-01[4.0.x] Bumped version for 4.0.3 release.4.0.3Carlton Gibson
2022-03-01[4.0.x] Fixed #33547 -- Fixed error when rendering invalid inlines with ↵Mariusz Felisiak
readonly fields in admin. Regression in de95c826673be9ea519acc86fd898631d1a11356. Thanks David Glenck for the report. Backport of 445b075def2c037b971518963b70ce13df5e88a2 from main
2022-02-16[4.0.x] Fixed #33515 -- Prevented recreation of migration for ↵Mariusz Felisiak
ManyToManyField to lowercased swappable setting. Thanks Chris Lee for the report. Regression in 43289707809c814a70f0db38ca4f82f35f43dbfd. Refs #23916. Backport of 1e2e1be02bdf0fe4add0d0279dbca1d74ae28ad7 from main
2022-02-08[4.0.x] Refs #33476 -- Refactored code to strictly match 88 characters line ↵Mariusz Felisiak
length. Backport of 7119f40c9881666b6f9b5cf7df09ee1d21cc8344 from main.
2022-02-08[4.0.x] Refs #33476 -- Reformatted code with Black.django-bot
Backport of 9c19aff7c7561e3a82978a272ecdaad40dda5c00 from main.
2022-02-03[4.0.x] Refs #33476 -- Refactored problematic code before reformatting by Black.Mariusz Felisiak
In these cases Black produces unexpected results, e.g. def make_random_password( self, length=10, allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789', ): or cursor.execute(""" SELECT ... """, [table name], ) Backport of c5cd8783825b5f6384417dac5f3889b4210b7d08 from main.
2022-02-01[4.0.x] Refs #33476 -- Used vertical hanging indentation for format lists ↵Mariusz Felisiak
with inline comments. Lists with multiple values and comments per-line are reformatted by Black to multiple lines with a single comment. For example: DATE_INPUT_FORMATS = "%Y-%m-%d", "%m/%d/%Y", "%m/%d/%y", # '2006-10-25', '10/25/2006', '10/25/06' ] is reformatted to the: DATE_INPUT_FORMATS = "%Y-%m-%d", "%m/%d/%Y", "%m/%d/%y", # '2006-10-25', '10/25/2006', '10/25/06' ] This reformats affected entries to multiple lines with corresponding comments. Backport of ca88caa1031c0de545d82de8d90dcae0e03651fb from main
2022-02-01[4.0.x] Post-release version bump.Mariusz Felisiak
2022-02-01[4.0.x] Bumped version for 4.0.2 release.4.0.2Mariusz Felisiak
2022-02-01[4.0.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.Mariusz Felisiak
Thanks Alan Ryan for the report and initial patch. Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
2022-02-01[4.0.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.Markus Holtermann
Thanks Keryn Knight for the report. Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main. Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01[4.0.x] Fixed #33480 -- Fixed makemigrations crash when renaming field of ↵Kirill Safronov
renamed model. Regression in aa4acc164d1247c0de515c959f7b09648b57dc42. Backport of 97a72744681d0993b50dee952cf32cdf9650ad9f from main
2022-01-31[4.0.x] Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on ↵Mariusz Felisiak
aggregates with default. Thanks Adam Johnson for the report. Backport of 71e7c8e73712419626f1c2b6ec036e8559a2d667 from main
2022-01-29[4.0.x] Updated translations from Transifex.Claude Paroz
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.
2022-01-27[4.0.x] Fixed #33462 -- Fixed migration crash when altering type of primary ↵Mariusz Felisiak
key with MTI and foreign key. This prevents duplicated operations when altering type of primary key with MTI and foreign key. Previously, a foreign key to the base model was added twice, once directly and once by the inheritance model. Thanks bcail for the report. Regression in 325d7710ce9f6155bb55610ad6b4580d31263557. Backport of e972620ada4f9ed7bc57f28e133e85c85b0a7b20 from main
2022-01-26[4.0.x] Fixed #33407 -- Fixed .radiolist admin CSS.Carlton Gibson
Regression in 5942ab5eb165ee2e759174e297148a40dd855920. Backport of 85f2a9fb0f0973930abc84a725bc30703aa3d98b from main
2022-01-21[4.0.x] Fixed #33449 -- Fixed makemigrations crash on models without ↵Fabian Büchler
Meta.order_with_respect_to but with _order field. Regression in aa4acc164d1247c0de515c959f7b09648b57dc42. Backport of eeff1787b0aa23016e4844c0f537d5093a95a356 from main
2022-01-10[4.0.x] Fixed #33426 -- Fixed ResolverMatch.__repr_() for class-based views.Keryn Knight
Regression in 7c08f26bf0439c1ed593b51b51ad847f7e262bc1. Backport of f4b06a3cc1e54888ff86f36a1f9a3ddf21292314 from main
2022-01-08[4.0.x] Fixed #33425 -- Fixed view name for CBVs on technical 404 debug page.Keryn Knight
Regression in 0c0b87725bbcffca3bc3a7a2c649995695a5ae3b. Backport of 2a66c102d9c674fadab252a28d8def32a8b626ec from main
2022-01-07[4.0.x] Fixed #33419 -- Restored marking forms.Field.help_text as HTML safe.David
Regression in 456466d932830b096d39806e291fe23ec5ed38d5. Thanks Matt Westcott for the report. Backport of 4c60c3edff4312303e1021fca47ed52c2152d285 from main
2022-01-07[4.0.x] Fixed #33410 -- Fixed recursive capturing of callbacks by ↵Petter Friberg
TestCase.captureOnCommitCallbacks(). Regression in d89f976bddb49fb168334960acc8979c3de991fa. Backport of bc174e6ea0ce676c5a7f467bda9739e6ef6b6186 from main
2022-01-04[4.0.x] Post-release version bump.Carlton Gibson
2022-01-04[4.0.x] Bumped version for 4.0.1 release.4.0.1Carlton Gibson
2022-01-04[4.0.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage ↵Florian Apolloner
subsystem. Thanks to Dennis Brinkrolf for the report.
2022-01-04[4.0.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in ↵Florian Apolloner
dictsort template filter. Thanks to Dennis Brinkrolf for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04[4.0.x] Fixed CVE-2021-45115 -- Prevented DoS vector in ↵Florian Apolloner
UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2021-12-22[4.0.x] Refs #32355 -- Bumped required psycopg2 version to 2.8.4.Mariusz Felisiak
psycopg2 2.8.4 is the first release to support Python 3.8. Backport of ca04659b4b3f042c1bc7e557c25ed91e3c56c745 from main