| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-09-16 | Fixed #36580 -- Fixed constraint validation crash when condition uses a ↵ | SaJH | |
| ForeignObject. Follow-up to e44e8327d3d88d86895735c0e427102063ff5b55. Refs #36222. | |||
| 2025-09-15 | Fixed #36520 -- Reverted "Fixed #35440 -- Simplified parse_header_parameters ↵ | Natalia | |
| by leveraging stdlid's Message." This partially reverts commit 9aabe7eae3eeb3e64c5a0f3687118cd806158550. The simplification of parse_header_parameters using stdlib's Message is reverted due to a performance regression. The check for the header maximum length remains in place, per Security Team guidance. Thanks to David Smith for reporting the regression, and Jacob Walls for the review. | |||
| 2025-09-15 | Fixed #36589 -- Made assertTemplateUsed/NotUsed track full path for ↵ | Caitie Baca | |
| PartialTemplate. Previously, assertTemplateUsed only matched partial names, ignoring the template origin. This caused assertions on partials specified by origin ("template.html#partial") to fail. Refs #36410. | |||
| 2025-09-15 | Refs #27489 -- Made RenamePermission() operation respect database. | David Sanders | |
| Regression in f02b49d2f3bf84f5225de920ca510149f1f9f1da. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2025-09-15 | Renamed local variables in CsrfViewMiddleware._origin_verified() for clarity. | Klaas van Schelven | |
| 2025-09-14 | Fixed typo in django/core/files/storage/base.py docstring. | Siyabonga Dlikilili | |
| 2025-09-14 | Fixed #27222 -- Refreshed model field values assigned expressions on save(). | Simon Charette | |
| Removed the can_return_columns_from_insert skip gates on existing field_defaults tests to confirm the expected number of queries are performed and that returning field overrides are respected. | |||
| 2025-09-14 | Refs #27222 -- Refreshed GeneratedFields values on save() initiated update. | Simon Charette | |
| This required implementing UPDATE RETURNING machinery that heavily borrows from the INSERT one. | |||
| 2025-09-12 | Refs #35667 -- Cached Django file prefixes for warnings. | Adam Johnson | |
| 2025-09-11 | Fixed #36603 -- Optimized check order in LoginRequiredMiddleware. | Adam Johnson | |
| 2025-09-05 | Fixed #36564 -- Changed DEFAULT_AUTO_FIELD from AutoField to BigAutoField. | Tim Graham | |
| 2025-09-04 | Fixed #36578, Refs #35791 -- Ensured inline delete icon scales and stays ↵ | Sarah Boyce | |
| centered in the admin. Regression in 87ab54b488cb58d810939112f208bb37068710e0. Refs #35829. Thank you Natalia Bidart for the review. | |||
| 2025-09-04 | Fixed #36481 -- Fixed QuerySet.update concrete fields check. | Ryan P Kilby | |
| FieldError is now emitted for invalid update calls involving reverse relations, where previously they failed with AttributeError. | |||
| 2025-09-04 | Refs #36559, #35667 -- Used skip_file_prefixes in PartialTemplate.source ↵ | farhan | |
| warning. | |||
| 2025-09-03 | Refs #34989 -- Ensured the Content-Length header is set when redirect with ↵ | Ronan LE HAY | |
| APPEND_SLASH. | |||
| 2025-09-03 | Fixed #36559 -- Respected verbatim and comment blocks in PartialTemplate.source. | farhan | |
| 2025-09-03 | Refs #36559 -- Ran template partial source tests in debug mode only. | farhan | |
| Added a warning for accessing PartialTemplate.source when debugging is disabled. Thanks Sarah Boyce for the idea. | |||
| 2025-09-03 | Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL injection in ↵ | Jake Howard | |
| column aliases. Thanks Eyal Gabay (EyalSec) for the report. | |||
| 2025-08-29 | Fixed #36431 -- Returned tuples for multi-column ForeignObject in ↵ | SaJH | |
| values()/values_list(). Thanks Jacob Walls and Simon Charette for tests. Signed-off-by: SaJH <wogur981208@gmail.com> | |||
| 2025-08-29 | Refs #36152 -- Suppressed duplicate warning when using "%" in alias via ↵ | Jacob Walls | |
| values(). | |||
| 2025-08-29 | Refs #34624 -- Changed RedirectAdmin to use a Select widget for the site field. | SaJH | |
| Signed-off-by: SaJH <wogur981208@gmail.com> | |||
| 2025-08-29 | Fixed #34624 -- Removed change, delete, and view buttons for non-Select ↵ | SaJH | |
| widgets in RelatedFieldWidgetWrapper. Signed-off-by: SaJH <wogur981208@gmail.com> | |||
| 2025-08-28 | Fixed #36532 -- Added Content Security Policy view decorators to override or ↵ | Rob Hudson | |
| disable policies. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2025-08-28 | Refs #27222 -- Adapted RETURNING handling to be usable for UPDATE queries. | Simon Charette | |
| Renamed existing methods and abstractions used for INSERT … RETURNING to be generic enough to be used in the context of UPDATEs as well. This also consolidates SQL compliant implementations on BaseDatabaseOperations. | |||
| 2025-08-28 | Refs #27222 -- Implemented ↵ | Simon Charette | |
| BaseDatabaseOperations.return_insert_columns()/fetch_returned_insert_rows(). | |||
| 2025-08-28 | Refs #36520 -- Ensured only the header value is passed to ↵ | Jake Howard | |
| parse_header_parameters for multipart requests. Header parsing should apply only to the header value. The previous implementation happened to work but relied on unintended behavior. | |||
| 2025-08-28 | Fixed #35533 -- Prevented urlize creating broken links given a markdown link ↵ | SaJH | |
| input. Signed-off-by: SaJH <wogur981208@gmail.com> | |||
| 2025-08-27 | Fixed #36577 -- Removed obsolete try-except for GIS layermapping imports. | Adam Johnson | |
| 2025-08-27 | Fixed #36572 -- Revert "Fixed #36546 -- Deprecated ↵ | Sarah Boyce | |
| django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest()." This reverts commit 0246f478882c26bc1fe293224653074cd46a90d0. | |||
| 2025-08-26 | Fixed #36556 -- Fixed TabularInline width overflowing the page. | antoliny0919 | |
| 2025-08-25 | Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in ↵ | SaJH | |
| favor of hmac.compare_digest(). Signed-off-by: SaJH <wogur981208@gmail.com> | |||
| 2025-08-25 | Fixed #36251 -- Avoided mutating form Meta.fields in BaseInlineFormSet. | SaJH | |
| Signed-off-by: SaJH <wogur981208@gmail.com> | |||
| 2025-08-23 | Refs #470 -- Adjusted Field.db_returning to be backend agnostic. | Simon Charette | |
| Determining if a field is db_returning based on the default connection feature availability prevents the usage of RETURNING for db_default fields in setups where non-default backends do support RETURNING. Whether or not the field should be attempted to be returned is already checked at the compiler level which is backend aware. | |||
| 2025-08-22 | Refs #35530 -- Corrected deprecation message in auth.alogin(). | Mariusz Felisiak | |
| Follow up to ceecd518b19044181a3598c55ebed7c2545963cc. | |||
| 2025-08-22 | Fixed #36558, Refs #36366 -- Fixed the "show all" link hover styling in ↵ | antoliny0919 | |
| admin pagination. Regression in 3f59711581bd22ebd0f13fb040b15b69c0eee21f. | |||
| 2025-08-21 | Clarified "inline foreign key" to avoid confusion with generated fields in ↵ | Clifford Gama | |
| django/forms/models.py. | |||
| 2025-08-21 | Refs #36366 -- Fixed page number layout in admin pagination on small screens. | antoliny0919 | |
| Regression in 3f59711581bd22ebd0f13fb040b15b69c0eee21f. | |||
| 2025-08-21 | Fixed #36399 -- Added support for multiple Cookie headers in HTTP/2 for ↵ | SaJH | |
| ASGIRequest. Signed-off-by: SaJH <wogur981208@gmail.com> | |||
| 2025-08-21 | Fixed #36560 -- Prevented UpdateCacheMiddleware from caching responses with ↵ | mengxun | |
| Cache-Control 'no-cache' or 'no-store'. | |||
| 2025-08-21 | Refs #36430, #36416, #34378 -- Simplified batch size calculation in ↵ | Jacob Walls | |
| QuerySet.in_bulk(). | |||
| 2025-08-21 | Fixed #36430 -- Removed artificially low limit on single field bulk ↵ | Jacob Walls | |
| operations on SQLite. | |||
| 2025-08-21 | Fixed #36382 -- Confirmed support for GDAL 3.11. | David Smith | |
| TIGER driver was removed in GDAL 3.11. https://github.com/OSGeo/gdal/commit/eb793be0395ccba50e053a46b30cb90deb530990 | |||
| 2025-08-20 | Refs #35303 -- Made small optimizations in alogout() and aget_user(). | Mariusz Felisiak | |
| In alogout(), there is no need to check the is_authenticated attribute when user is None. In aget_user(), there is no need to call get_session_auth_hash() twice. Follow up to 50f89ae850f6b4e35819fe725a08c7e579bfd099. | |||
| 2025-08-20 | Fixed #36561 -- Used request.auser() in ↵ | Xinyi Rong | |
| contrib.auth.aupdate_session_auth_hash(). | |||
| 2025-08-19 | Fixed #27489 -- Renamed permissions upon model renaming in migrations. | Artyom Kotovskiy | |
| 2025-08-19 | Fixed #35892 -- Supported Widget.use_fieldset in admin forms. | antoliny0919 | |
| 2025-08-17 | Refs #36528 -- Fixed link underline typo in CSS. | Antoliny Lee | |
| Regression in 792ca148a2d6da6cf0778f6a866c899208ab94f9. | |||
| 2025-08-16 | Refs #31123 -- Simplified create_contentypes(). | Nick Pope | |
| Since 142ab6846ac09d6d401e26fc8b6b988a583ac0f5 get_contenttypes_and_models() function was only used in this module and we only needed the model names, not the content type objects themselves. | |||
| 2025-08-15 | Refs #36490 -- Simplified QuerySet._batched_insert returning fields handling. | Simon Charette | |
| Whether or not returning_fields should be specified to _insert is not a function of each batches so the conditional can be moved outside of the loop. | |||
| 2025-08-15 | Fixed #36490 -- Avoided unnecessary transaction in bulk_create. | Simon Charette | |
| When dealing with an heterogeneous set of object with regards to primary key assignment that fits in a single batch there's no need to wrap the single INSERT statement in a transaction. | |||
