path: root/docs/ref
Age | Commit message | Author
2024-09-03 | [4.2.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails. | Natalia
On successful submission of a password reset request, an email is sent to the accounts known to the system. If sending this email fails (due to email backend misconfiguration, service provider outage, network issues, etc.), an attacker might exploit this by detecting which password reset requests succeed and which ones generate a 500 error response. Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam Johnson, and Sarah Boyce for the reviews.
2024-09-03 | [4.2.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters. | Sarah Boyce
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2024-07-25 | [4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant(). | Lorenzo Peña
LocaleMiddleware didn't handle the ValueError raised by get_supported_language_variant() when language codes were over 500 characters. Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb. Backport of 0e94f292cda632153f2b3d9a9037eb0141ae9c2e from main.
2024-07-09 | [4.2.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant(). | Sarah Boyce
Language codes are now parsed with a maximum length limit of 500 chars. Thanks to MProgrammer for the report.
2023-11-28 | [4.2.x] Removed link to lawrence.com in contrib.sites docs. | Adam Johnson
lawrence.com has since become a redirect to LJWorld.com, making the link pointless. Backport of 9e7ac5890147a8271eb5eb19bb88ab93dadc6c6d from main
2023-11-23 | [4.2.x] Fixed #34990 -- Changed link to OWASP in CSRF docs. | Tim Schilling
The OWASP site is the standard resource for web application security information. Backport of aceee39d44994df20d13104e55ae61845d7a1e95 from main
2023-11-15 | [4.2.x] Refs #33690 -- Added missing data-theme selector to example in theming support docs. | William Hayes
Backport of 640283711e6c8d25ad0e3c97453cd178a3e4d6a6 from main
2023-11-09 | [4.2.x] Fixed #34457 -- Restored output for makemigrations --check. | Adam Johnson
Co-authored-by: David Sanders <shang.xiao.sanders@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of f7389c4b07ceeb036436e065898e411b247bca78 from main
2023-11-02 | [4.2.x] Fixed #34813 -- Doc'd usage of integrity HTML attribute with ManifestStaticFilesStorage. | Patrick Rauscher
Backport of 116e225266c511dfc0bfc96c8497e9c8aaa4d004 from main
2023-10-28 | [4.2.x] Fixed typos in docs/ref/models/expressions.txt. | Sarah Boyce
Backport of 8992a0489c01ac8ab7283264a315c005511323e2 from main
2023-10-27 | [4.2.x] Fixed typo in docs/ref/contrib/gis/geos.txt. | Izzy Hyman
Backport of c42250a7039a5ace1b482b30c6a1359b748cae65 from main
2023-10-11 | [4.2.x] Fixed #34808 -- Doc'd aggregate function's default argument. | lufafajoshua
Backport of 8adc7c86ab85ed91e512bc49056e301cbe1715d0 from main
2023-10-06 | [4.2.x] Refs #32275 -- Added scrypt password hasher to PASSWORD_HASHERS setting docs. | ume
Backport of 90c75dc4f37bee19b7c3790519d187e38e293800 from main
2023-10-05 | [4.2.x] Refs #31435 -- Doc'd potential infinite recursion when accessing model fields in __init__. | David Sanders
Backport of e47298aec4fa04416e7082331fbd44bd9f2662aa from main
2023-10-04 | [4.2.x] Corrected wrap_socket() reference in docs/ref/settings.txt. | Mariusz Felisiak
Backport of f9cdecfb0de40698eb2ce44c04068bb091fa8998 from main
2023-10-04 | [4.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text. | Natalia
Thanks Wenchao Li of Alibaba Group for the report.
2023-09-27 | [4.2.x] Added warning about flatpages and untrusted users. | Mariusz Felisiak
Backport of 571bab98879578b6ef54ee654ead06736855767d from main
2023-09-21 | [4.2.x] Refs #34808 -- Doc'd that aggregation functions on empty groups can return None. | David Sanders
Backport of 78b5c9075348aa12da2e024f6ece29d1d652dfdd from main
2023-09-16 | [4.2.x] Corrected QuerySet.prefetch_related() note about GenericRelation(). | Mariusz Felisiak
GenericRelation is a reverse generic relationship so it's always homogeneous. Mentioning this as a restriction is confusing. Backport of 88b5b7b8e56667b0f55ea6f04038b6ac77c57b98 from main
2023-09-14 | [4.2.x] Doc'd HttpResponse.cookies. | Michele Mazzucchi
Backport of 5bfb3cbf49e2b9701e7c42989e14a72374adb6bd from main
2023-08-22 | [4.2.x] Fixed #34781 -- Updated logging ref docs for django.server's request extra context value. | Keryn Knight
Backport of 428023e2677aeb80d86b19f90b0c6b82c7cb666d from main
2023-08-01 | [4.2.x] Corrected pycon formatting in some docs. | Almaz Kunpeissov
Backport of 5a3725594faacc412e2d2b4ed160370228f1a118 from main
2023-07-28 | [4.2.x] Fixed #34749 -- Corrected QuerySet.acreate() signature in docs. | John Parton
Backport of af0c5caff72e5ffda4dff708a57e37ae4778197d from main
2023-07-24 | [4.2.x] Refs #34712 -- Doc'd that defining STORAGES overrides the default configuration. | Bruno Alla
Backport of 86561844ce66cda3e6a8c22d4ace4c2d1bc1f2e7 from main
2023-07-21 | [4.2.x] Added missing backticks in docs. | Mariusz Felisiak
Backport of 02376f1f53db24039c200ef4818d96accf16a88b from main
2023-07-20 | [4.2.x] Fixed typo in docs/ref/models/querysets.txt. | nessita
Removed assignment in example for Blog annotation to match shown result. Backport of addbc90049083f1d5f7ac138ed00111b71a75233 from main
2023-07-20 | [4.2.x] Refs #30052 -- Clarified that defer() and only() do not work with aggregated fields. | Vyacheslav Dmitriev
Backport of b126f694160c4641e64e57dba6b022f06fbfa745 from main
2023-07-18 | Added reference to TypedChoiceField in ChoiceField docs. | David Sanders
2023-07-03 | [4.2.x] Fixed #33405, Refs #7177 -- Clarified docs for filter escapejs regarding safe and unsafe usages. | Jon Ribbens
Backport of adfb3dfa89b62ee0c838a64d3d480c03dd3ec869 from main
2023-07-03 | [4.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. | Mariusz Felisiak
Thanks Seokchan Yoon for reports.
2023-06-27 | [4.2.x] Added dedicated section for output_field in query expressions docs. | nessita
Backport of 679928834295ebd874ede667dbaae8a7945d3580 from main
2023-06-27 | [4.2.x] Fixed typo in docs/ref/models/querysets.txt. | Mariusz Felisiak
Backport of c4a09499aa760c92969083b4639703b5b0a562fb from main
2023-06-20 | [4.2.x] Corrected admin.E013 check message in docs. | Mariusz Felisiak
Backport of ddb6506618ea52c6b20e97eefad03ed847a1e3de from main
2023-06-01 | [4.2.x] Fixed #34595 -- Doc'd that format_string arg of format_html() is not escaped. | AP Jama
Backport of 4037223d0f12c44ecd6f369ccbabcbd279a1bdbc from main
2023-05-31 | [4.2.x] Fixed #34600 -- Removed references to bleach in docs. | Akash Kumar Sen
Backport of b0a6cc7f5738d6b959faf10354b772338f611fd9 from main
2023-05-26 | [4.2.x] Fixed #34574 -- Noted unexpected outcomes in autoescape/escape docs. | Natalia
Backport of 1a59a324cec5caf12ea0c4947564828aa7bda02a from main.
2023-05-24 | [4.2.x] Corrected documentation of Log database function. | Stefan Brand
Backport of eb9df03a43f34c44131ec3a295643327b8a68bb4 from main
2023-05-17 | [4.2.x] Fixed #34568 -- Made makemigrations --update respect --name option. | Mariusz Felisiak
Thanks David Sanders for the report. Backport of c52f4295f254e1c14af769d22b1a5f516a941f58 from main
2023-05-17 | [4.2.x] Updated broken links in docs. | Mariusz Felisiak
Backport of 93830abf7694e0f281931f10eeaa34993855e7dd from main
2023-05-12 | [4.2.x] Fixed #34556 -- Doc'd that StreamingHttpResponse accepts memoryviews and strings iterators. | Alexerson
Backport of 599f3e2cda50ab084915ffd08edb5ad6cad61415 from main
2023-05-12 | [4.2.x] Clarified database connections lifetime outside HTTP requests. | Alberto Sottile
Backport of e901407e2369ddb16a5c866e1f2fbf8ea8acf549 from main
2023-05-07 | [4.2.x] Corrected code-block directive in docs/ref/templates/builtins.txt. | Pan Dango
Backport of 12ec80726f33e8dbd80de3cecf48d76ac4c0aa89 from main
2023-05-04 | [4.2.x] Corrected code-block directives in docs. | Jannis Vajen
Backport of 024954aad4c422a091b7afab42fff1a9d7478fce from main
2023-04-27 | [4.2.x] Refs #33662 -- Corrected Sitemap.get_languages_for_item() signature in docs. | Andrei Shabanski
Backport of 5c456a879300e5f51010d3f6aa7449302413efed from main
2023-04-27 | [4.2.x] Doc'd that Count("*") is equivalent to COUNT(*) SQL. | Tom Forbes
Backport of 23d24f82a7450ef5d369845e18cc0130be5bac6c from main
2023-04-21 | [4.2.x] Added meaningful titles to ..admonition:: directives. | Mariusz Felisiak
Backport of c487634c106888effbba680e02269e489ab911a6 from main
2023-04-20 | [4.2.x] Fixed #34440 -- Doc'd that & queryset operator works similar to chaining. | David Sanders
Backport of 0494efddc422716431b92896899284b6afebb23a from main
2023-04-19 | [4.2.x] Fixed #34435 -- Doc'd that JSONField.default must be a callable. | Sage Abdullah
Backport of 01ae9d4ca9afdaf30a247e10e8333261a7d8224c from main
2023-04-17 | [4.2.x] Added Snowflake to list of third-party DB backends. | Tim Graham
Backport of 57f2b935b34d148c3c0d906fc8256765004b7b77 from main
2023-04-17 | [4.2.x] Used extlinks for PyPI links. | Tim Graham
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Backport of 2c4dc6476083c853b654e462c7ff65dbe0334c9e from main