| Age | Commit message (Expand) | Author |
| 2025-10-01 | [5.2.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal v... | Sarah Boyce |
| 2025-10-01 | [5.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggre... | Mariusz Felisiak |
| 2025-09-30 | [5.2.x] Made cosmetic edits to 5.2.7 release notes. | Jacob Walls |
| 2025-09-24 | [5.2.x] Added stub release notes and release date for 5.2.7, 5.1.13, and 4.2.25. | Mariusz Felisiak |
| 2025-09-18 | [5.2.x] Updated translations from Transifex. | Natalia |
| 2025-09-17 | [5.2.x] Fixed #36601 -- Fixed color contrast of FilteredSelectMultiple widget... | antoliny0919 |
| 2025-09-12 | [5.2.x] Fixed #36597 -- Corrected directives for functions from email module ... | Mridul Dhall |
| 2025-09-04 | [5.2.x] Added missing backticks in docs/releases/security.txt. | Mariusz Felisiak |
| 2025-09-03 | [5.2.x] Added CVE-2025-57833 to security archive. | Sarah Boyce |
| 2025-09-03 | [5.2.x] Added stub release notes for 5.2.7. | Sarah Boyce |
| 2025-09-03 | [5.2.x] Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL inject... | Jake Howard |
| 2025-09-03 | [5.2.x] Made cosmetic edits to 5.2.6 release notes. | Sarah Boyce |
| 2025-08-29 | [5.2.x] Fixed #36431 -- Returned tuples for multi-column ForeignObject in val... | SaJH |
| 2025-08-27 | [5.2.x] Added stub release notes and release date for 5.2.6, 5.1.12, and 4.2.24. | Sarah Boyce |
| 2025-08-22 | [5.2.x] Refs #35530 -- Corrected deprecation message in auth.alogin(). | Mariusz Felisiak |
| 2025-08-20 | [5.2.x] Corrected release notes of calling format_html() without arguments. | Mariusz Felisiak |
| 2025-08-06 | [5.2.x] Added stub release notes for 5.2.6. | Sarah Boyce |
| 2025-08-06 | [5.2.x] Added release date for 5.2.5. | Sarah Boyce |
| 2025-08-05 | [5.2.x] Fixed #36530 -- Extended fields.E347 to check for ManyToManyField inv... | jkhall81 |
| 2025-08-04 | [5.2.x] Fixed #36535 -- Ensured compatibility with docutils 0.19 through 0.22. | Natalia |
| 2025-08-04 | [5.2.x] Fixed #34871, #36518 -- Implemented unresolved lookups expression rep... | Simon Charette |
| 2025-07-28 | [5.2.x] Fixed #36522 -- Added support for filtering composite pks using a tup... | Simon Charette |
| 2025-07-10 | [5.2.x] Fixed #36502 -- Restored UNNEST strategy for foreign key bulk inserts... | Simon Charette |
| 2025-07-02 | [5.2.x] Added release date for 5.2.4. | Natalia |
| 2025-07-02 | [5.2.x] Added stub release notes for 5.2.5. | Natalia |
| 2025-06-30 | [5.2.x] Fixed #36464 -- Fixed "__in" tuple lookup on backends lacking native ... | Simon Charette |
| 2025-06-16 | [5.2.x] Fixed #36453 -- Made When.condition resolve with for_save=False. | Clifford Gama |
| 2025-06-16 | [5.2.x] Fixed #36447 -- Selected preferred media type based on quality. | Jake Howard |
| 2025-06-10 | [5.2.x] Added follow-up to CVE-2025-48432 to security archive. | Sarah Boyce |
| 2025-06-10 | [5.2.x] Added stub release notes for 5.2.4. | Sarah Boyce |
| 2025-06-09 | [5.2.x] Fixed #36446 -- Restored "q" in internal MediaType.params property. | Natalia |
| 2025-06-06 | [5.2.x] Fixed #36419 -- Ensured for_save was propagated when resolving expres... | Clifford Gama |
| 2025-06-06 | [5.2.x] Refs CVE-2025-48432 -- Prevented log injection in remaining response ... | Jake Howard |
| 2025-06-06 | [5.2.x] Updated translations from Transifex. | Sarah Boyce |
| 2025-06-04 | [5.2.x] Added CVE-2025-48432 to security archive. | Natalia |
| 2025-06-04 | [5.2.x] Added stub release notes for 5.2.3. | Natalia |
| 2025-06-04 | [5.2.x] Fixed CVE-2025-48432 -- Escaped formatting arguments in `log_response... | Natalia |
| 2025-06-04 | [5.2.x] Fixed #36432 -- Fixed a prefetch_related crash on related target subc... | Simon Charette |
| 2025-06-03 | [5.2.x] Fixed #36411 -- Made HttpRequest.get_preferred_type() consider media ... | Jake Howard |
| 2025-06-03 | [5.2.x] Fixed #36416 -- Made QuerySet.in_bulk() account for composite pks in ... | Jacob Walls |
| 2025-06-02 | [5.2.x] Fixed #36423 -- Prevented filter_horizontal buttons from intercepting... | Blayze |
| 2025-05-28 | [5.2.x] Added stub release notes and release date for 5.2.2, 5.1.10, and 4.2.22. | Natalia |
| 2025-05-23 | [5.2.x] Fixed #36405 -- Fixed OrderableAggMixin.order_by using OuterRef. | Adam Johnson |
| 2025-05-23 | [5.2.x] Fixed #36404 -- Fixed Aggregate.filter using OuterRef. | Adam Johnson |
| 2025-05-23 | [5.2.x] Fixed #36390 -- Deprecated RemoteUserMiddleware subclasses missing ap... | Sarah Boyce |
| 2025-05-19 | [5.2.x] Fixed #36388 -- Made QuerySet.union() return self when called with no... | Colleen Dunlap |
| 2025-05-16 | [5.2.x] Fixed #36392 -- Raised ValueError when subquery referencing composite... | Jacob Walls |
| 2025-05-12 | [5.2.x] Fixed #36373 -- Fixed select_related() crash on foreign object for a ... | Simon Charette |
| 2025-05-09 | [5.2.x] Refs #35980 -- Added release note about changes in release artifacts ... | Natalia |
| 2025-05-09 | [5.2.x] Removed "Expected" from release date for 5.2.1, 5.1.9, and 4.2.21. | Natalia |