| Age | Commit message (Expand) | Author |
|---|
| 2026-04-30 | [6.0.x] Fixed typo in stub release notes for 5.2.14.stable/6.0.x | Jacob Walls |
| 2026-04-29 | [6.0.x] Fixed #37067 -- Added trailing slash in django_file_prefixes(). | Fashad Ahmed |
| 2026-04-28 | [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14. | Sarah Boyce |
| 2026-04-14 | [6.0.x] Fixed #37029 -- Corrected placement of </div> in change_list.html's p... | Tim Graham |
| 2026-04-07 | [6.0.x] Added CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, an... | Jacob Walls |
| 2026-04-07 | [6.0.x] Added stub release notes for 6.0.5. | Jacob Walls |
| 2026-04-07 | [6.0.x] Fixed CVE-2026-33034 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE on body ... | Natalia |
| 2026-04-07 | [6.0.x] Fixed CVE-2026-33033 -- Mitigated potential DoS in MultiPartParser. | Natalia |
| 2026-04-07 | [6.0.x] Fixed CVE-2026-4292 -- Disallowed instance creation via ModelAdmin.li... | Jacob Walls |
| 2026-04-07 | [6.0.x] Fixed CVE-2026-4277 -- Checked add permissions in GenericInlineModelA... | Jacob Walls |
| 2026-04-07 | [6.0.x] Fixed CVE-2026-3902 -- Ignored headers with underscores in ASGIRequest. | Jacob Walls |
| 2026-04-02 | [6.0.x] Fixed #36973 -- Made fields.E348 check detect further clashes between... | Clifford Gama |
| 2026-04-02 | [6.0.x] Fixed #36949 -- Improved RelatedFieldWidgetWrapper <label>s. | David Smith |
| 2026-04-02 | [6.0.x] Fixed #37017 -- Fixed setting or clearing of request.user after alogi... | Jacob Walls |
| 2026-03-31 | [6.0.x] Added stub release notes and release date for 6.0.4, 5.2.13, and 4.2.30. | Jacob Walls |
| 2026-03-03 | [6.0.x] Added CVE-2026-25673 and CVE-2026-25674 to security archive. | Natalia |
| 2026-03-03 | [6.0.x] Added stub release notes for 6.0.4. | Natalia |
| 2026-03-03 | [6.0.x] Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions o... | Natalia |
| 2026-03-03 | [6.0.x] Fixed CVE-2026-25673 -- Simplified URLField scheme detection. | Natalia |
| 2026-03-02 | [6.0.x] Fixed #36961 -- Fixed TypeError in deprecation warnings if Django is ... | Jacob Walls |
| 2026-02-25 | [6.0.x] Fixed #36951 -- Removed empty exc_info from log_task_finished signal ... | Elias Hernandis |
| 2026-02-24 | [6.0.x] Added stub release notes and release date for 6.0.3, 5.2.12, and 4.2.29. | Natalia |
| 2026-02-20 | [6.0.x] Fixed #36920 -- Fixed alignment of fieldset legends in wide admin forms. | usman |
| 2026-02-20 | [6.0.x] Fixed #36934, Refs #35972 -- Coped with params in a tuple in BuiltinL... | Jacob Walls |
| 2026-02-10 | [6.0.x] Fixed #36903 -- Fixed further NameErrors when inspecting functions wi... | 93578237 |
| 2026-02-10 | [6.0.x] Added stub release notes for 5.2.12. | Jacob Walls |
| 2026-02-10 | [6.0.x] Refs #35444 -- Doc'd deprecation in contrib.postgres.aggreggates.Stri... | Jacob Walls |
| 2026-02-03 | [6.0.x] Added CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, C... | Jacob Walls |
| 2026-02-03 | [6.0.x] Added stub release notes for 6.0.3. | Jacob Walls |
| 2026-02-03 | [6.0.x] Fixed CVE-2026-1312 -- Protected order_by() from SQL injection via al... | Jacob Walls |
| 2026-02-03 | [6.0.x] Fixed CVE-2026-1287 -- Protected against SQL injection in column alia... | Jake Howard |
| 2026-02-03 | [6.0.x] Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.T... | Natalia |
| 2026-02-03 | [6.0.x] Fixed CVE-2026-1207 -- Prevented SQL injections in RasterField lookup... | Jacob Walls |
| 2026-02-03 | [6.0.x] Fixed CVE-2025-14550 -- Optimized repeated header parsing in ASGI req... | Jake Howard |
| 2026-02-03 | [6.0.x] Fixed CVE-2025-13473 -- Standardized timing of check_password() in mo... | Jake Howard |
| 2026-02-02 | [6.0.x] Fixed #36788 -- Fixed horizontal form field alignment under <fieldset... | Jacob Walls |
| 2026-01-29 | [6.0.x] Fixed #36847 -- Ensured auto_now_add fields are set on pre_save(). | Nilesh Kumar Pahari |
| 2026-01-27 | [6.0.x] Added stub release notes and release date for 6.0.2, 5.2.11, and 4.2.28. | Jacob Walls |
| 2026-01-26 | [6.0.x] Fixed #36850 -- Prevented admin filter sidebar from wrapping below th... | Nilesh Kumar Pahari |
| 2026-01-14 | [6.0.x] Fixed #36855, Refs #27222 -- Mentioned multiple invocations of Field.... | kundan223 |
| 2026-01-08 | [6.0.x] Clarified regression nature of data loss bug in docs/releases/6.0.1.t... | Tim Graham |
| 2026-01-06 | [6.0.x] Added stub release notes for 6.0.2. | Jacob Walls |
| 2026-01-06 | [6.0.x] Added stub release notes for 5.2.11. | Jacob Walls |
| 2026-01-06 | [6.0.x] Added release date for 6.0.1. | Jacob Walls |
| 2026-01-06 | [6.0.x] Added release date for 5.2.10. | Jacob Walls |
| 2026-01-05 | [6.0.x] Fixed #36843, #36793 -- Reverted "Fixed #27489 -- Renamed permissions... | Jacob Walls |
| 2025-12-31 | [6.0.x] Refs #33647 -- Fixed silent data truncation in bulk_create on Postgres. | Simon Charette |
| 2025-12-31 | [6.0.x] Fixed #36829 -- Reverted value of ClearableFileInput.use_fieldset to ... | Johannes Maron |
| 2025-12-26 | [6.0.x] Fixed #36796 -- Handled lazy routes correctly in RoutePattern.match(). | kundan223 |
| 2025-12-24 | [6.0.x] Refs #36810 -- Avoided infinite recursion in LazyNonce.__repr__(). | Sean Reed |
