| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-08-28 | Refs #16055 -- Adjusted deprecation warning stacklevel in ↵ | Simon Charette | |
| get_joining_columns()/get_reverse_joining_columns(). | |||
| 2024-08-28 | Refs #12581 -- Adjusted warning stacklevel in queries ring buffer. | Simon Charette | |
| 2024-08-27 | Refs #34609 -- Fixed deprecation warning stack level in format_html(). | Adam Johnson | |
| Co-authored-by: Simon Charette <charette.s@gmail.com> | |||
| 2024-08-23 | Fixed #35703 -- Made technical_404_response() respect SCRIPT_NAME to return ↵ | Maarten Breddels | |
| default_urlconf(). | |||
| 2024-08-23 | Fixed #35689 -- Handled custom labels in LabelCommand.missing_args_message. | Giovanni Fabbretti | |
| 2024-08-20 | Fixed #35686 -- Added table headers to app list tables for screen readers. | Sarah Boyce | |
| 2024-08-20 | Fixed #35668 -- Added mapping support to format_html_join. | nabil-rady | |
| 2024-08-19 | Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm. | Natalia | |
| Refs #34429: Following the implementation allowing the setting of unusable passwords via the admin site, the `BaseUserCreationForm` and `UserCreationForm` were extended to include a new field for choosing whether password-based authentication for the new user should be enabled or disabled at creation time. Given that these forms are designed to be extended when implementing custom user models, this branch ensures that this new field is moved to a new, admin-dedicated, user creation form `AdminUserCreationForm`. Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for the review. | |||
| 2024-08-13 | Fixed #35665 -- Fixed a crash when passing an empty order_by to Window. | Simon Charette | |
| This also caused un-ordered sliced prefetches to crash as they rely on Window. Regression in e16d0c176e9b89628cdec5e58c418378c4a2436a that made OrderByList piggy-back ExpressionList without porting the empty handling that the latter provided. Supporting explicit empty ordering on Window functions and slicing is arguably a foot-gun design due to how backends will return undeterministic results but this is a problem that requires a larger discussion. Refs #35064. Thanks Andrew Backer for the report and Mariusz for the review. | |||
| 2024-08-12 | Fixed #35648 -- Raised NotImplementedError in SafeString.__add__ for ↵ | Matthias Kestenholz | |
| non-string RHS. This change ensures SafeString addition operations handle non-string RHS properly, allowing them to implement __radd__ for better compatibility. | |||
| 2024-08-12 | Marked missing part of warning footer for translation in SelectFilter2.js. | Marc Picaud | |
| 2024-08-12 | Fixed #35586 -- Added support for set-returning database functions. | Devin Cox | |
| Aggregation optimization didn't account for not referenced set-returning annotations on Postgres. Co-authored-by: Simon Charette <charette.s@gmail.com> | |||
| 2024-08-12 | Fixed #35575 -- Added support for constraint validation on GeneratedFields. | Mark Gensler | |
| 2024-08-12 | Refs #35591 -- Removed hardcoded "stable" version in runserver warning. | Mariusz Felisiak | |
| 2024-08-09 | Fixed #35658 -- Initialized InMemoryFileNode instances with a name. | lucasesposito | |
| 2024-08-09 | Fixed #35591 -- Added unsuitable for production console warning to runserver. | Andrew Miller | |
| 2024-08-08 | Fixed #35622 -- Made unittest ignore Django assertions in traceback frames. | Adam Johnson | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-08-07 | Fixed #35639 -- Improved admin's delete confirmation page title. | Matthias Kestenholz | |
| 2024-08-07 | Updated translations from Transifex. | Natalia | |
| Forwardport of 380c6e6ddd7890fbe65826873579ef6e3af0c07d from stable/5.1.x. | |||
| 2024-08-07 | Fixed #35553 -- Handled import*as in HashedFilesMixin. | Farhan | |
| 2024-08-06 | Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks ↵ | Simon Charette | |
| against JSON fields. Thanks Eyal (eyalgabay) for the report. | |||
| 2024-08-06 | Fixed CVE-2024-41991 -- Prevented potential ReDoS in ↵ | Mariusz Felisiak | |
| django.utils.html.urlize() and AdminURLFieldWidget. Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-08-06 | Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc ↵ | Sarah Boyce | |
| template filters. Thanks to MProgrammer for the report. | |||
| 2024-08-06 | Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat. | Sarah Boyce | |
| Thanks Elias Myllymäki for the report. Co-authored-by: Shai Berger <shai@platonix.com> | |||
| 2024-08-05 | Fixed #35657 -- Made FileField handle db_default values. | Sarah Boyce | |
| 2024-08-05 | Fixed #35638 -- Updated validate_constraints to consider db_default. | David Sanders | |
| 2024-08-05 | Refs #35638 -- Avoided wrapping expressions with Value in ↵ | David Sanders | |
| _get_field_value_map() and renamed to _get_field_expression_map(). | |||
| 2024-08-05 | Fixed #35628 -- Allowed compatible GeneratedFields for ↵ | John Parton | |
| ModelAdmin.date_hierarchy. | |||
| 2024-08-05 | Fixed #35645, Refs #35558 -- Added "medium" color in the admin CSS to ↵ | Natalia | |
| improve accessibility of headings. | |||
| 2024-08-05 | Refs #35537 -- Improved documentation and test coverage for email ↵ | Jake Howard | |
| attachments and alternatives. | |||
| 2024-08-03 | Fixed #35655 -- Reverted "Fixed #35295 -- Used INSERT with multiple rows on ↵ | Sarah Boyce | |
| Oracle 23c." This reverts commit 175b04942afaff978013db61495f3b39ea12989b due to a crash when Oracle > 23.3. | |||
| 2024-08-02 | Fixed #35643 -- Fixed a crash when ordering a QuerySet by a reference ↵ | Simon Charette | |
| containing "__". Regression in b0ad41198b3e333f57351e3fce5a1fb47f23f376. Refs #34013. The initial logic did not consider that annotation aliases can include lookup or transform separators. Thanks Gert Van Gool for the report and Mariusz Felisiak for the review. | |||
| 2024-08-02 | Fixed #35601 -- Added TelInput widget. | lucasesposito | |
| 2024-08-02 | Fixed #35599 -- Added ColorInput widget. | arjunomray | |
| 2024-08-02 | Fixed #35489 -- Fixed vertical alignment of raw_id_fields widget. | Vaarun Sinha | |
| Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-08-01 | Fixed #35646 -- Extended SafeExceptionReporterFilter.hidden_settings to ↵ | Markus Holtermann | |
| treat `AUTH` as a sensitive match. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-08-01 | Refs #373 -- Added tuple lookups. | Bendeguz Csirmaz | |
| 2024-08-01 | Reverted "Fixed #28646 -- Prevented duplicate index when unique is set to ↵ | Sarah Boyce | |
| True on PostgreSQL." This reverts commit 9cf9c796be8dd53bc3b11355ff39d65c81d7be6d due to a crash on Oracle as it didn't allow multiple indexes on the same field. | |||
| 2024-07-31 | Fixed #35598 -- Added SearchInput widget. | Jeremy Thompson | |
| 2024-07-30 | Fixed #28646 -- Prevented duplicate index when unique is set to True on ↵ | Ben Cail | |
| PostgreSQL. | |||
| 2024-07-29 | Refs #35074 -- Simplified and unified adding spatial indexes on MySQL and ↵ | Mariusz Felisiak | |
| Oracle. This uses `deferred_sql` and `_field_indexes_sql()` instead of custom hooks on MySQL. | |||
| 2024-07-25 | Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in ↵ | Lorenzo Peña | |
| get_supported_language_variant(). LocaleMiddleware didn't handle the ValueError raised by get_supported_language_variant() when language codes were over 500 characters. Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb. | |||
| 2024-07-25 | Fixed #35331 -- Updated dropdown lists with entries added via the '+' sign ↵ | Devin Cox | |
| from M2M field. | |||
| 2024-07-25 | Fixed #35625 -- Fixed a crash when adding a field with db_default and check ↵ | Simon Charette | |
| constraint. This is the exact same issue as refs #30408 but for creating a model with a constraint containing % escapes instead of column addition. All of these issues stem from a lack of SQL and parameters separation from the BaseConstraint DDL generating methods preventing them from being mixed with other parts of the schema alteration logic that do make use of parametrization on some backends (e.g. Postgres, MySQL for DEFAULT). Prior to the addition of Field.db_default and GeneratedField in 5.0 parametrization of DDL was never exercised on model creation so this is effectively a bug with db_default as the GeneratedField case was addressed by refs #35336. Thanks Julien Chaumont for the report and Mariusz Felisiak for the review. | |||
| 2024-07-24 | Fixed #35604, Refs #35326 -- Made FileSystemStorage.exists() behaviour ↵ | Sarah Boyce | |
| independent from allow_overwrite. Partially reverts 0b33a3abc2ca7d68a24f6d0772bc2b9fa603744e. Storage.exists(name) was documented to "return False if the name is available for a new file." but return True if the file exists. This is ambiguous in the overwrite file case. It will now always return whether the file exists. Thank you to Natalia Bidart and Josh Schneier for the review. | |||
| 2024-07-24 | Fixed #35541 -- Fixed paginator border in admin CSS. | arjunomray | |
| 2024-07-23 | Fixed #35585 -- Corrected Query.exists() call in Query.has_results(). | Flavio Curella | |
| 2024-07-22 | Applied optimizations to template.utils.get_app_template_dirs(). | sobolevn | |
| 2024-07-22 | Fixed typo in django/test/testcases.py docstring. | Jacob Walls | |
| 2024-07-22 | Fixed #35614 -- Prevented SQLCompiler.as_subquery_condition() from mutating ↵ | Bendeguz Csirmaz | |
| a query. | |||
