| Age | Commit message (Expand) | Author |
| 2026-02-03 | [5.2.x] Fixed CVE-2026-1312 -- Protected order_by() from SQL injection via al... | Jacob Walls |
| 2026-02-03 | [5.2.x] Fixed CVE-2026-1287 -- Protected against SQL injection in column alia... | Jake Howard |
| 2026-02-03 | [5.2.x] Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.T... | Natalia |
| 2026-02-03 | [5.2.x] Fixed CVE-2026-1207 -- Prevented SQL injections in RasterField lookup... | Jacob Walls |
| 2026-02-03 | [5.2.x] Fixed CVE-2025-14550 -- Optimized repeated header parsing in ASGI req... | Jake Howard |
| 2026-02-03 | [5.2.x] Fixed CVE-2025-13473 -- Standardized timing of check_password() in mo... | Jake Howard |
| 2026-01-27 | [5.2.x] Added stub release notes and release date for 5.2.11 and 4.2.28. | Jacob Walls |
| 2026-01-08 | [5.2.x] Clarified regression nature of data loss bug in docs/releases/5.2.10.... | Tim Graham |
| 2026-01-06 | [5.2.x] Added stub release notes for 5.2.11. | Jacob Walls |
| 2026-01-06 | [5.2.x] Added release date for 5.2.10. | Jacob Walls |
| 2025-12-31 | [5.2.x] Refs #33647 -- Fixed silent data truncation in bulk_create on Postgres. | Simon Charette |
| 2025-12-22 | [5.2.x] Fixed #36376 -- Fixed --no-color for command help in Python 3.14+. | Skyiesac |
| 2025-12-02 | [5.2.x] Added CVE-2025-13372 and CVE-2025-64460 to security archive. | Natalia |
| 2025-12-02 | [5.2.x] Added stub release notes for 5.2.10. | Natalia |
| 2025-12-02 | [5.2.x] Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation i... | Shai Berger |
| 2025-12-02 | [5.2.x] Fixed CVE-2025-13372 -- Protected FilteredRelation against SQL inject... | Jacob Walls |
| 2025-12-01 | [5.2.x] Fixed #36712 -- Evaluated type annotations lazily in template tag reg... | Jacob Walls |
| 2025-11-26 | [5.2.x] Refs #36743 -- Added missing release notes for 5.1.15 and 4.2.27. | Natalia |
| 2025-11-26 | [5.2.x] Fixed #36743 -- Increased URL max length enforced in HttpResponseRedi... | varunkasyap |
| 2025-11-25 | [5.2.x] Added stub release notes and release date for 5.2.9, 5.1.15, and 4.2.27. | Natalia |
| 2025-11-24 | [5.2.x] Fixed #36751 -- Fixed empty filtered aggregation crash over annotated... | Simon Charette |
| 2025-11-20 | [5.2.x] Added missing ticket links in docs/releases/5.2.8.txt. | Jacob Walls |
| 2025-11-20 | [5.2.x] Fixed #36748 -- Filtered non-standard placeholders from UNNEST queries. | Chris Wesseling |
| 2025-11-18 | [5.2.x] Fixed #36733 -- Escaped attributes in Stylesheet.__str__(). | varunkasyap |
| 2025-11-05 | [5.2.x] Added CVE-2025-64458 and CVE-2025-64459 to security archive. | Natalia |
| 2025-11-05 | [5.2.x] Added stub release notes for 5.2.9. | Natalia |
| 2025-11-05 | [5.2.x] Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via th... | Jacob Walls |
| 2025-11-05 | [5.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedire... | Jacob Walls |
| 2025-11-04 | [5.2.x] Fixed #36704 -- Fixed system check error for proxy model with a compo... | Hal Blackburn |
| 2025-10-29 | [5.2.x] Added stub release notes and release date for 5.2.8, 5.1.14, and 4.2.26. | Jacob Walls |
| 2025-10-17 | [5.2.x] Refs #35844 -- Doc'd Python 3.14 compatibility. | Mariusz Felisiak |
| 2025-10-14 | [5.2.x] Fixed #36648, Refs #33772 -- Accounted for composite pks in first()/l... | Jacob Walls |
| 2025-10-11 | [5.2.x] Fixed #36646 -- Added compatibility for oracledb 3.4.0. | Simon Charette |
| 2025-10-01 | [5.2.x] Rewrapped security archive at 79 chars. | Mariusz Felisiak |
| 2025-10-01 | [5.2.x] Added CVE-2025-59681 and CVE-2025-59682 to security archive. | Jacob Walls |
| 2025-10-01 | [5.2.x] Added stub release notes for 5.2.8. | Jacob Walls |
| 2025-10-01 | [5.2.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal v... | Sarah Boyce |
| 2025-10-01 | [5.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggre... | Mariusz Felisiak |
| 2025-09-30 | [5.2.x] Made cosmetic edits to 5.2.7 release notes. | Jacob Walls |
| 2025-09-24 | [5.2.x] Added stub release notes and release date for 5.2.7, 5.1.13, and 4.2.25. | Mariusz Felisiak |
| 2025-09-18 | [5.2.x] Updated translations from Transifex. | Natalia |
| 2025-09-17 | [5.2.x] Fixed #36601 -- Fixed color contrast of FilteredSelectMultiple widget... | antoliny0919 |
| 2025-09-12 | [5.2.x] Fixed #36597 -- Corrected directives for functions from email module ... | Mridul Dhall |
| 2025-09-04 | [5.2.x] Added missing backticks in docs/releases/security.txt. | Mariusz Felisiak |
| 2025-09-03 | [5.2.x] Added CVE-2025-57833 to security archive. | Sarah Boyce |
| 2025-09-03 | [5.2.x] Added stub release notes for 5.2.7. | Sarah Boyce |
| 2025-09-03 | [5.2.x] Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL inject... | Jake Howard |
| 2025-09-03 | [5.2.x] Made cosmetic edits to 5.2.6 release notes. | Sarah Boyce |
| 2025-08-29 | [5.2.x] Fixed #36431 -- Returned tuples for multi-column ForeignObject in val... | SaJH |
| 2025-08-27 | [5.2.x] Added stub release notes and release date for 5.2.6, 5.1.12, and 4.2.24. | Sarah Boyce |