summaryrefslogtreecommitdiff
path: root/django
AgeCommit message (Collapse)Author
2025-05-16Fixed #36392 -- Raised ValueError when subquery referencing composite pk ↵Jacob Walls
selects too many columns.
2025-05-16Fixed #33312 -- Raised explicit exception when copying deferred model instances.Simon Charette
Previously save() would crash with an attempted forced update message, and both save(force_insert=True) and bulk_create() would crash with DoesNotExist errors trying to retrieve rows with an empty primary key (id IS NULL). Implementing deferred field model instance copying might be doable in certain cases (e.g. when all the deferred fields are db generated) but that's not trivial to implement in a backward compatible way. Thanks Adam Sołtysik for the report and test and Clifford for the review.
2025-05-15Fixed #35829 -- Updated admin icons using Font Awesome Free version 6.7.2.Pablo Bengoechea
Co-authored-by: Stefan <96178532+stefan6419846@users.noreply.github.com>
2025-05-14Fixed #35852 -- Fixed intcomma locale-aware formatting of string number ↵Timothy McCurrach
representations.
2025-05-14Fixed #35507 -- Improved accessibility of search and filter elements in the ↵antoliny0919
admin changelist.
2025-05-14Fixed #36273 -- Moved Index system checks from Model to Index.check().Tim Graham
2025-05-14Fixed #36085 -- Added JSONField support for negative array indexing on SQLite.savanto
2025-05-14Refs #36085 -- Moved compile_json_path to BaseDatabaseOperations.hesham942
2025-05-13Fixed #36383 -- Improved migration serialization for functools.partial objects.Adam Johnson
2025-05-13Refs #36383 -- Extended DeconstructibleSerializer to support non-identifier ↵Adam Johnson
keyword arguments. In Python, keyword arguments must normally be valid identifiers (i.e., variable names that follow Python's naming rules). However, Python dicts can have keys that aren't valid identifiers, like "foo-bar" or "123foo". This commit ensures that keyword arguments that are nt valid identifiers, are properly handled when deconstructing an object.
2025-05-13Refs #36383, #26151 -- Corrected spelling of DeconstructibleSerializer.Adam Johnson
"Deconstructible" is the spelling that Django has settled on, such as for `django.utils.deconstruct`. This commit normalizes a previously-inconsistent class to match the rest of the codebase.
2025-05-13Fixed #35518 -- Optimized RoutePattern by using string operations for ↵Jake Howard
converter-less routes.
2025-05-12Fixed #33174 -- Fixed migrations crash for model inheriting from Generic[T].Thibaut Decombe
2025-05-12Fixed #36373 -- Fixed select_related() crash on foreign object for a ↵Simon Charette
composite pk. Thanks Jacob Walls for the report and Sarah for the in-depth review.
2025-05-09Fixed #36207 -- Cleared cached ForeignObject relations via refresh_from_db().Jacob Walls
2025-05-08Fixed #36295, Refs #24305 -- Allowed overriding GenericForeignKey fields on ↵Ahmed Nassar
abstract models.
2025-05-08Fixed #36363 -- Added field names to admin duplicated fields error hint.Eric Blum
2025-05-08Fixed #36143 -- Made max_query_params respect SQLITE_LIMIT_VARIABLE_NUMBER.Sage Abdullah
Co-authored-by: Xavier Frankline <xf.xavierfrank@gmail.com>
2025-05-06Fixed CVE-2025-32873 -- Mitigated potential DoS in strip_tags().Sarah Boyce
Thanks to Elias Myllymäki for the report, and Shai Berger and Jake Howard for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-05-04Fixed #36281 -- Used async-safe write in ASGIHandler.read_body().신우진
Thanks Carlton Gibson for reviews.
2025-04-30Fixed #36357 -- Skipped unique_together in inspectdb output for composite ↵Baptiste Mispelon
primary keys. Thanks to Baptiste Mispelon for the report and quick fix, and to Simon Charette and Jacob Walls for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-04-30Fixed #36358 -- Corrected introspection of composite primary keys on SQLite.Simon Charette
Previously, any first field of a composite primary key with type `INTEGER` was incorrectly introspected as an `AutoField` due to SQLite treating `INTEGER PRIMARY KEY` as an alias for the `ROWID`. This change ensures that integer fields in composite PKs are not mistaken for auto-incrementing fields. Thanks Jacob Walls and Sarah Boyce for the reviews.
2025-04-30Refs #36052, #32234 -- Removed create_test_table_with_composite_primary_key ↵Simon Charette
flag in favor of using CompositePrimaryKey. Now that Django properly supports creating models with composite primary keys, the tests should use a `CompositePrimaryKey` field instead of a feature flag to inline backend specific SQL for creating a composite PK. Specifcially, the inspectdb's test_composite_primary_key was adjusted to use schema editor instead of per-backend raw SQL.
2025-04-30Fixed #36360 -- Fixed QuerySet.update() crash when referring annotations ↵Simon Charette
through values(). The issue was only manifesting itself when also filtering againt a related model as that forces the usage of a subquery because SQLUpdateCompiler doesn't support the UPDATE FROM syntax yet. Regression in 65ad4ade74dc9208b9d686a451cd6045df0c9c3a. Refs #28900. Thanks Gav O'Connor for the detailed report.
2025-04-28Fixed #36354 -- Removed JavaScript workaround for browsers lacking `:has()` ↵Fabian Braun
CSS support. This branch removes the JavaScript fallback added in the admin for the add user and change password templates/flows (Refs #34429). Django documents suport for "modern, web standards compliant browsers". See https://caniuse.com/css-has for info on browser support per version.
2025-04-27Fixed #18296 -- Created missing custom target directory for startproject and ↵Bruno Alla
startapp.
2025-04-27Fixed #36312 -- Removed invalid size units for svg in Safari.Ahmed Nassar
2025-04-26Refs #36326 -- Fixed QuerySet.raw() crash on models with CompositePrimaryKey ↵Mariusz Felisiak
on Oracle. Virtual CompositePrimaryKey fields should be ignored. Regression in 1831f7733d3ef03d1ca7fac3e8d9f4c5e3e3375e.
2025-04-24Fixed #36309 -- Made email alternatives and attachments pickleable.nessita
Regression in aba0e541caaa086f183197eaaca0ac20a730bbe4 and in d5bebc1c26d4c0ec9eaa057aefc5b38649c0ba3b. Thanks Florent Messa for the report, and Jake Howard and Claude Paroz for the review.
2025-04-23Fixed #36341 -- Preserved whitespaces in wordwrap template filter.Matti Pohjanvirta
Regression in 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b. This work improves the django.utils.text.wrap() function to ensure that empty lines and lines with whitespace only are kept instead of being dropped. Thanks Matti Pohjanvirta for the report and fix. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-04-23Fixed #35801 -- Prevented collision of senders with non-overlapping lifetimes.Simon Charette
As documented, the id() function can return the same value for distinct objects with non-overlapping lifetimes which can result in signals being sent to the wrong receivers if two distinct senders happen to have a colliding id() value. Since reproduction of the issue requires memory constrained circumstances where the same exact id() is reused for two senders of the same signal the test opt to simulate the collision by systematically making the same id for Sender instances. Note that we explicitly avoid keeping a strong reference to senders that cannot be weakly referenced as that would unexpectedly prevent them from being garbage collected. This means that id(sender) collisions could still occur for such objects but Django itself doesn't make use of them. Thanks Sjoerd Job Postmus for the reduced test case and Mariusz for the review. Co-authored-by: And Clover <and@doxdesk.com>
2025-04-23Simplified UserManager.with_perm() by using get_backends().Bona Fide IT GmbH
2025-04-22Fixed #36331 -- Reverted "Fixed #36055 -- Prevented overlap of object-tools ↵antoliny0919
buttons and page header in the admin." This reverts commits b1324a680add78de24c763911d0eefa19b9263bc and 02a5cbfe76382da2a0414df17017185be5bd47f9. The former caused a regression in admin sites that relied on the `object-tools` block being inside the `content` block. Thank you to Fabian Braun for the report.
2025-04-17Fixed #36326 -- Added CompositePrimaryKey support in QuerySet.raw().SaJH
Signed-off-by: SaJH <wogur981208@gmail.com>
2025-04-17Fixed #35959 -- Displayed password reset button in admin only when user has ↵Sarah Boyce
sufficient permissions. This change ensures that the "Reset password" button in the admin is shown only when the user has the necessary permission to perform a password change operation. It reuses the password hashing rendering logic in `display_for_field` to show the appropriate read-only widget for users with view-only access.
2025-04-17Refs #35959 -- Added render_password_as_hash auth template tag for password ↵Sarah Boyce
rendering.
2025-04-17Fixed #36314 -- Fixed MinimumLengthValidator error message translation.Ahmed Nassar
Regression in ec7d69035a408b357f1803ca05a7c991cc358cfa. Thank you Gabriel Trouvé for the report and Claude Paroz for the review.
2025-04-17Fixed #28050 -- Added template name to TemplateSyntaxError.farhan
2025-04-16Disabled Chrome browser pop-ups that were interfering with selenium tests.Sarah Boyce
2025-04-16Americanized some spellings.Adam Johnson
2025-04-16Fixed #36274 -- Added support for run_before and atomic in MigrationWriter.Mikuláš Poul
2025-04-11Fixed #36288 -- Addressed improper handling of duplicates in values_list().Simon Charette
Now that selected aliases are stored in sql.Query.selected: dict[str, Any] the values_list() method must ensures that duplicate field name references are assigned unique aliases. Refs #28900. Regression in 65ad4ade74dc9208b9d686a451cd6045df0c9c3a. Thanks Claude for the report.
2025-04-09Sorted imports in django/templatetags/tz.py per isort.Sarah Boyce
2025-04-09Fixed #35986 -- Fixed test classes with @translation.override decorator.Ahmed Nassar
Co-authored-by: Simon Charette <charette.s@gmail.com>
2025-04-07Fixed #36301 -- Fixed select_for_update(of) crash when using ↵Simon Charette
values()/values_list(). Regression in 65ad4ade74dc9208b9d686a451cd6045df0c9c3a which allowed for annotations to be SELECT'ed before model field references through values()/values_list() and broke assumptions the select_for_update(of) table infererence logic had about model fields always being first. Refs #28900. Thanks OutOfFocus4 for the report and Sarah for the test.
2025-04-07Fixed #36298 -- Truncated the overwritten file content in file_move_safe().Sarah Boyce
Regression in 58cd4902a71a3695dd6c21dc957f59c333db364c. Thanks Baptiste Mispelon for the report.
2025-04-05Fixed #36299 -- Prevented field selection on QuerySet.alias() after values().Simon Charette
Regression in 65ad4ade74dc9208b9d686a451cd6045df0c9c3a. Refs #28900. Thanks Jeff Iadarola for the report and tests. Co-Authored-By: OutOfFocus4 <jeff.iadarola@gmail.com>
2025-04-04Fixed #36289 -- Fixed bulk_create() crash with nullable geometry fields on ↵Simon Charette
PostGIS. Swapped to an allow list instead of a deny list for field types to determine if the UNNEST optimization can be enabled to avoid further surprises with other types that would require further specialization to adapt. Regression in a16eedcf9c69d8a11d94cac1811018c5b996d491. Thanks Joshua Goodwin for the report and Sarah Boyce for the test.
2025-04-04Fixed #36255 -- Renamed the admin action button for improved accessibility.koffi
2025-04-03Fixed #36290 -- Made TupleIn() lookup discard tuples containing None.Simon Charette
Just like the In() lookup discards of None members TupleIn() should discard tuples containing any None as NULL != NULL in SQL and the framework expects such queries to be elided under some circumstances. Refs #31667, #36116. Thanks Basptise Mispelon for bisecting the regression to 626d77e.