| Age | Commit message (Expand) | Author |
| 2025-11-05 | [5.2.x] Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via th... | Jacob Walls |
| 2025-11-05 | [5.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedire... | Jacob Walls |
| 2025-11-04 | [5.2.x] Fixed #36704 -- Fixed system check error for proxy model with a compo... | Hal Blackburn |
| 2025-10-29 | [5.2.x] Added stub release notes and release date for 5.2.8, 5.1.14, and 4.2.26. | Jacob Walls |
| 2025-10-17 | [5.2.x] Refs #35844 -- Doc'd Python 3.14 compatibility. | Mariusz Felisiak |
| 2025-10-14 | [5.2.x] Fixed #36648, Refs #33772 -- Accounted for composite pks in first()/l... | Jacob Walls |
| 2025-10-11 | [5.2.x] Fixed #36646 -- Added compatibility for oracledb 3.4.0. | Simon Charette |
| 2025-10-01 | [5.2.x] Rewrapped security archive at 79 chars. | Mariusz Felisiak |
| 2025-10-01 | [5.2.x] Added CVE-2025-59681 and CVE-2025-59682 to security archive. | Jacob Walls |
| 2025-10-01 | [5.2.x] Added stub release notes for 5.2.8. | Jacob Walls |
| 2025-10-01 | [5.2.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal v... | Sarah Boyce |
| 2025-10-01 | [5.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggre... | Mariusz Felisiak |
| 2025-09-30 | [5.2.x] Made cosmetic edits to 5.2.7 release notes. | Jacob Walls |
| 2025-09-24 | [5.2.x] Added stub release notes and release date for 5.2.7, 5.1.13, and 4.2.25. | Mariusz Felisiak |
| 2025-09-18 | [5.2.x] Updated translations from Transifex. | Natalia |
| 2025-09-17 | [5.2.x] Fixed #36601 -- Fixed color contrast of FilteredSelectMultiple widget... | antoliny0919 |
| 2025-09-12 | [5.2.x] Fixed #36597 -- Corrected directives for functions from email module ... | Mridul Dhall |
| 2025-09-04 | [5.2.x] Added missing backticks in docs/releases/security.txt. | Mariusz Felisiak |
| 2025-09-03 | [5.2.x] Added CVE-2025-57833 to security archive. | Sarah Boyce |
| 2025-09-03 | [5.2.x] Added stub release notes for 5.2.7. | Sarah Boyce |
| 2025-09-03 | [5.2.x] Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL inject... | Jake Howard |
| 2025-09-03 | [5.2.x] Made cosmetic edits to 5.2.6 release notes. | Sarah Boyce |
| 2025-08-29 | [5.2.x] Fixed #36431 -- Returned tuples for multi-column ForeignObject in val... | SaJH |
| 2025-08-27 | [5.2.x] Added stub release notes and release date for 5.2.6, 5.1.12, and 4.2.24. | Sarah Boyce |
| 2025-08-22 | [5.2.x] Refs #35530 -- Corrected deprecation message in auth.alogin(). | Mariusz Felisiak |
| 2025-08-20 | [5.2.x] Corrected release notes of calling format_html() without arguments. | Mariusz Felisiak |
| 2025-08-06 | [5.2.x] Added stub release notes for 5.2.6. | Sarah Boyce |
| 2025-08-06 | [5.2.x] Added release date for 5.2.5. | Sarah Boyce |
| 2025-08-05 | [5.2.x] Fixed #36530 -- Extended fields.E347 to check for ManyToManyField inv... | jkhall81 |
| 2025-08-04 | [5.2.x] Fixed #36535 -- Ensured compatibility with docutils 0.19 through 0.22. | Natalia |
| 2025-08-04 | [5.2.x] Fixed #34871, #36518 -- Implemented unresolved lookups expression rep... | Simon Charette |
| 2025-07-28 | [5.2.x] Fixed #36522 -- Added support for filtering composite pks using a tup... | Simon Charette |
| 2025-07-10 | [5.2.x] Fixed #36502 -- Restored UNNEST strategy for foreign key bulk inserts... | Simon Charette |
| 2025-07-02 | [5.2.x] Added release date for 5.2.4. | Natalia |
| 2025-07-02 | [5.2.x] Added stub release notes for 5.2.5. | Natalia |
| 2025-06-30 | [5.2.x] Fixed #36464 -- Fixed "__in" tuple lookup on backends lacking native ... | Simon Charette |
| 2025-06-16 | [5.2.x] Fixed #36453 -- Made When.condition resolve with for_save=False. | Clifford Gama |
| 2025-06-16 | [5.2.x] Fixed #36447 -- Selected preferred media type based on quality. | Jake Howard |
| 2025-06-10 | [5.2.x] Added follow-up to CVE-2025-48432 to security archive. | Sarah Boyce |
| 2025-06-10 | [5.2.x] Added stub release notes for 5.2.4. | Sarah Boyce |
| 2025-06-09 | [5.2.x] Fixed #36446 -- Restored "q" in internal MediaType.params property. | Natalia |
| 2025-06-06 | [5.2.x] Fixed #36419 -- Ensured for_save was propagated when resolving expres... | Clifford Gama |
| 2025-06-06 | [5.2.x] Refs CVE-2025-48432 -- Prevented log injection in remaining response ... | Jake Howard |
| 2025-06-06 | [5.2.x] Updated translations from Transifex. | Sarah Boyce |
| 2025-06-04 | [5.2.x] Added CVE-2025-48432 to security archive. | Natalia |
| 2025-06-04 | [5.2.x] Added stub release notes for 5.2.3. | Natalia |
| 2025-06-04 | [5.2.x] Fixed CVE-2025-48432 -- Escaped formatting arguments in `log_response... | Natalia |
| 2025-06-04 | [5.2.x] Fixed #36432 -- Fixed a prefetch_related crash on related target subc... | Simon Charette |
| 2025-06-03 | [5.2.x] Fixed #36411 -- Made HttpRequest.get_preferred_type() consider media ... | Jake Howard |
| 2025-06-03 | [5.2.x] Fixed #36416 -- Made QuerySet.in_bulk() account for composite pks in ... | Jacob Walls |