summaryrefslogtreecommitdiff
path: root/django
AgeCommit message (Collapse)Author
2025-11-13Fixed #36730 -- Fixed constraint validation crash for excluded FK attnames.Adam Johnson
Regression in e44e8327d3d88d86895735c0e427102063ff5b55. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2025-11-12Fixed #36717 -- Redirect authenticated users on admin login view to next URL.Benedict Etzel
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-11-12Refs #35381 -- Made JSONNull deconstruct using convenient import path.Clifford Gama
2025-11-11Fixed #36053 -- Fixed placement of FilteredSelectMultiple widget label.Dani Fornons
2025-11-10Fixed #36715 -- Handled non-finite Decimals in intcomma filter.Kasyap Pentamaraju
2025-11-07Fixed #36420 -- Used actual SQLite limits in last_executed_query() quoting.myoungjinGo
2025-11-07Fixed #36705 -- Avoided string concatenation in utils.Kasyap Pentamaraju
Repeated string concatenation performs poorly on PyPy. Thanks Seokchan Yoon for the report.
2025-11-07Fixed #36315 -- Used TaskGroup instead of asyncio.gather().Thomas Grainger
2025-11-07Refs #36315 -- Replaced manual task and cancellation handling with TaskGroup ↵Thomas Grainger
in ASGIHandler.
2025-11-07Refs #36315 -- Used contextlib.closing() in ASGIHandler.handle().Thomas Grainger
2025-11-06Fixed #36702 -- Made bulk_create() return pk values set by an expression.us77ipis
2025-11-05Fixed #36710 -- Fixed a regression in urlize for multipart domain names.Mehraz Hossain Rumman
Thanks Mehraz Hossain Rumman for the report and Bruno Alla for the triage. Regression in a9fe98d5bd4212d069afe8316101984aadecfbb2.
2025-11-05Fixed #36709 -- Included static methods in system check for ↵Harsh Jain
UserModel.is_anonymous/is_authenticated methods.
2025-11-05Refs CVE-2025-64459 -- Avoided propagating invalid arguments to Q on ↵Jacob Walls
dictionary expansion.
2025-11-05Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via the ↵Jacob Walls
_connector kwarg. Thanks cyberstan for the report, Sarah Boyce, Adam Johnson, Simon Charette, and Jake Howard for the reviews.
2025-11-05Fixed CVE-2025-64458 -- Mitigated potential DoS in ↵Jacob Walls
HttpResponseRedirect/HttpResponsePermanentRedirect on Windows. Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Follow-up to CVE-2025-27556 and 39e2297210d9d2938c75fc911d45f0e863dc4821.
2025-11-04Fixed #36704 -- Fixed system check error for proxy model with a composite pk.Hal Blackburn
Proxy models subclassing a model with a CompositePrimaryKey were incorrectly reporting check errors because the check that requires only local fields to be used in a composite pk was evaluated against the proxy subclass, which has no fields. To fix this, composite pk field checks are not evaluated against proxy subclasses, as none of the checks are applicable to proxy subclasses. This also has the benefit of not double-reporting real check errors from an invalid superclass pk. Thanks Clifford Gama for the review.
2025-11-04Fixed #36652 -- Increased determinism when loading migrations from disk.Jayden Kneller
Ordering still depends on pkgutil.iter_modules, which does not guarantee order, but at least now Django is not introducing additional indeterminism, causing CircularDependencyError to appear or not appear in some edge cases. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-11-03Fixed #36695 -- Fixed handling of parameterized generics in migration ↵Augusto Pontes
serialization. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-10-31Fixed #36661 -- Added introspection of database-level delete options.Mariusz Felisiak
2025-10-31Fixed #36696 -- Fixed NameError when inspecting functions with deferred ↵Patrick Rauscher
annotations. In Python 3.14, annotations are deferred by default, so we should not assume that the names in them have been imported unconditionally.
2025-10-29Refs #35381 -- Deprecated using None in JSONExact rhs to mean JSON null.Clifford Gama
Key and index lookups are exempt from the deprecation. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-10-29Refs #35381 -- Delegated ArrayField element prepping to ↵Clifford Gama
base_field.get_db_prep_save. Previously, ArrayField always used base_field.get_db_prep_value when saving, which could differ from how base_field prepares data for save. This change overrides ArrayField.get_db_prep_save to delegate to the base_field's get_db_prep_save, ensuring elements like None in JSONField arrays are saved correctly as SQL NULL instead of JSON null.
2025-10-29Fixed #35381 -- Added JSONNull() expression.Clifford Gama
Thanks Jacob Walls for the review.
2025-10-29Fixed #36678 -- Limited retries in ParallelTestRunner.Jacob Walls
Thanks Natalia Bidart for the review.
2025-10-29Refs #35972 -- Returned params in a tuple in further lookups.Jacob Walls
2025-10-28Reverted "Fixed #26434 -- Removed faulty clearing of ordering field when ↵Jacob Walls
missing from explicit grouping." This reverts commit ea3a71c2d09f8281d8a50ed20e40e1fb13db5cd9. The implementation was flawed, as self.group_by contains Cols, not aliases.
2025-10-28Fixed #36596 -- Made parallel test runner respect django_test_skips and ↵Mariusz Felisiak
django_test_expected_failures.
2025-10-27Fixed #26434 -- Removed faulty clearing of ordering field when missing from ↵Michal Mládek
explicit grouping. Co-authored-by: Simon Charette <charette.s@gmail.com>
2025-10-27Fixed #36624 -- Dropped support for MySQL < 8.4.Mariusz Felisiak
2025-10-25Fixed #36683 -- Added error message on QuerySet.update() following ↵Matthew Shirley
distinct(*fields).
2025-10-24Fixed #36674 -- Fixed memory leak in select_related().Ken Nzioka
2025-10-23Fixed #35095 -- Clarified Swiss number formatting in ↵Annabelle Wiegart
docs/topics/i18n/formatting.txt. Co-authored-by: Ahmed Nassar <a.moh.nassar00@gmail.com>
2025-10-21Fixed #36677 -- Fixed scheduling of system checks in ParallelTestSuite workers.Jacob Walls
Running system checks in workers must happen after database aliases are set up. Regression in 606fc352799e372928fa2c978ab99f0fb6d6017c.
2025-10-21Fixed #36656 -- Avoided truncating async streaming responses in GZipMiddleware.Adam Johnson
2025-10-20Fixed #36470 -- Prevented log injection in runserver when handling NOT FOUND.YashRaj1506
Migrated `WSGIRequestHandler.log_message()` to use a more robust `log_message()` helper, which was based of `log_response()` via factoring out the common bits. Refs CVE-2025-48432. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-10-18Fixed #36671 -- Dropped support for SQLite < 3.37.Mariusz Felisiak
2025-10-18Fixed #21961 -- Added support for database-level delete options for ForeignKey.Mariusz Felisiak
Thanks Simon Charette for pair programming. Co-authored-by: Nick Stefan <NickStefan12@gmail.com> Co-authored-by: Akash Kumar Sen <71623442+Akash-Kumar-Sen@users.noreply.github.com> Co-authored-by: Simon Charette <charette.s@gmail.com>
2025-10-16Bumped minimum isort version to 7.0.0.Jacob Walls
Added ignores relating to https://github.com/PyCQA/isort/issues/2352.
2025-10-16Refs #28586 - Copied fetch mode in QuerySet.create().Adam Johnson
This change allows the pattern `MyModel.objects.fetch_mode(...).create(...)` to set the fetch mode for a new object.
2025-10-16Refs #28586 -- Copied fetch modes to related objects.Adam Johnson
This change ensures that behavior and performance remain consistent when traversing relationships.
2025-10-16Refs #28586 -- Simplified related descriptor get_queryset() methods.Adam Johnson
Modify these methods to accept an instance parameter which is clearer and allows us to set the instance hint earlier.
2025-10-16Refs #28586 -- Made fetch modes pickle as singletons.Adam Johnson
This change ensures that we don’t create new instances of fetch modes when pickling and unpickling, saving memory and preserving their singleton nature.
2025-10-16Fixed #28586 -- Added model field fetch modes.Adam Johnson
May your database queries be much reduced with minimal effort. co-authored-by: Andreas Pelme <andreas@pelme.se> co-authored-by: Simon Charette <charette.s@gmail.com> co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-10-15Fixed 36622 -- Prevented LazyObject FileField storages from evaluating at ↵Clifford Gama
boot time. Co-authored-by: Fabien MICHEL <fmichel@adista.fr>
2025-10-15Fixed #36659 -- Fixed flatpage content selector in admin forms.css.Baptiste Mispelon
Regression in bb145e2c47d71b7f68280c00ced727442d2effa2.
2025-10-14Fixed #36648, Refs #33772 -- Accounted for composite pks in first()/last() ↵Jacob Walls
when aggregating.
2025-10-14Fixed #36654 -- Corrected Model._do_update()'s docstring.Augusto Pontes
2025-10-14Refs #31223 -- Added __class_getitem__() to SetPasswordMixin.Thibaut Decombe
2025-10-14Fixed #34041 -- Added aria-current attribute to admin breadcrumbs.antoliny0919
Co-authored by: farita1699 <uwanjerry25@gmail.com>