summaryrefslogtreecommitdiff
path: root/docs/releases
AgeCommit message (Collapse)Author
2021-05-26Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24.Carlton Gibson
2021-05-26Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for ↵Hasan Ramezani
template changes.
2021-05-21Fixed #32375 -- Started deprecation toward changing the default sitemap ↵Rohith PR
protocol to https. The default sitemap protocol, when it is built outside the context of a request, will be changed from 'http' to 'https' in Django 5.0.
2021-05-20Changed IRC references to Libera.Chat.Mariusz Felisiak
2021-05-20Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and ↵David Sanders
log_deletion() methods.
2021-05-19Fixed #32740 -- Caught possible exception when initializing colorama.Carlton Gibson
2021-05-18Fixed #32379 -- Started deprecation toward changing default USE_TZ to True.Claude Paroz
Co-authored-by: Nick Pope <nick@nickpope.me.uk> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-18Fixed #32747 -- Prevented initialization of unused caches.Mariusz Felisiak
Thanks Alexander Ebral for the report. Regression in 98e05ccde440cc9b768952cc10bc8285f4924e1f.
2021-05-18Fixed #32733 -- Skipped system check for specifying type of auto-created ↵Rust Saiargaliev
primary keys on abstract models. Regression in b5e12d490af3debca8c55ab3c1698189fdedbbdb.
2021-05-18Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.Slava Skvortsov
Regression in ba31b0103442ac891fb3cb98f316781254e366c3.
2021-05-17Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS.Nick Pope
2021-05-17Refs #32720 -- Fixed some broken links in docs.Nick Pope
2021-05-17Refs #32720 -- Used full hashes in security archive.Nick Pope
2021-05-17Corrected commit hashes for security patches.Mariusz Felisiak
2021-05-17Refs #32720 -- Used :commit: and :source: role in old release notes.Nick Pope
2021-05-13Added stub release notes for Django 3.2.4.Mariusz Felisiak
2021-05-13Fixed #32718 -- Relaxed file name validation in FileField.Mariusz Felisiak
- Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
2021-05-13Fixed #32717 -- Fixed filtering of querysets combined with the | operator.Simon Charette
Address a long standing bug in a Where.add optimization to discard equal nodes that was surfaced by implementing equality for Lookup instances in bbf141bcdc31f1324048af9233583a523ac54c94. Thanks Shaheed Haque for the report.
2021-05-13Fixed #32031 -- Added model class for each model to AdminSite.each_context().Raffaele Salmaso
2021-05-12Fixed #32738 -- Deprecated django.utils.datetime_safe module.Nick Pope
2021-05-12Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection ↵Nick Pope
options in MySQL backend. The 'db' and 'passwd' connection options have been deprecated, use 'database' and 'password' instead (available since mysqlclient >= 1.3.8). This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12Refs #32718 -- Corrected CVE-2021-31542 release notes.Mariusz Felisiak
2021-05-07Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem.Jordi Castells
2021-05-07Fixed #32712 -- Deprecated django.utils.baseconv module.Hasan Ramezani
2021-05-06Added stub release notes for Django 3.2.3.Mariusz Felisiak
2021-05-06Added CVE-2021-32052 to security archive.Mariusz Felisiak
2021-05-06Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being ↵Mariusz Felisiak
accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4
2021-05-05Fixed #32714 -- Prevented recreation of migration for Meta.ordering with ↵Simon Charette
OrderBy expressions. Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd. Thanks Kevin Marsh for the report.
2021-05-04Added commits for CVE-2021-31542 to security archive.Carlton Gibson
2021-05-04Added CVE-2021-31542 to security archive.Carlton Gibson
2021-05-04Added stub release notes for Django 3.2.2.Carlton Gibson
2021-05-04Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.Florian Apolloner
2021-04-30Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.Tim Graham
2021-04-30Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ↵Hasan Ramezani
ExceptionReporter._get_raw_insecure_uri().
2021-04-29Refs #32674 -- Noted that auto-created through table PKs cannot be ↵Carlton Gibson
automatically migrated.
2021-04-29Refs #32682 -- Renamed lookup_needs_distinct() to lookup_spawns_duplicates().Mariusz Felisiak
Follow up to 187118203197801c6cb72dc8b06b714b23b6dd3d.
2021-04-29Fixed #32675 -- Doc'd that autodector changes might cause generation of ↵David Wobrock
no-op migrations. Follow up to aa4acc164d1247c0de515c959f7b09648b57dc42.
2021-04-28Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery ↵Simon Charette
deconstruction. Subquery deconstruction support required implementing complex and expensive equality rules for sql.Query objects for little benefit as the latter cannot themselves be made deconstructible to their reference to model classes. Making Expression @deconstructible and not BaseExpression allows interested parties to conform to the "expression" API even if they are not deconstructible as it's only a requirement for expressions allowed in Model fields and meta options (e.g. constraints, indexes). Thanks Phillip Cutter for the report. This also fixes a performance regression in bbf141bcdc31f1324048af9233583a523ac54c94.
2021-04-27Fixed #32687 -- Restored passing process’ environment to underlying tool ↵Konstantin Alekseev
in dbshell on PostgreSQL. Regression in bbe6fbb8768e8fb1aecb96d51c049d7ceaf802d3.
2021-04-27Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for ↵Mariusz Felisiak
preventing duplicates. Thanks Zain Patel for the report and Simon Charette for reviews. The exception introduced in 6307c3f1a123f5975c73b231e8ac4f115fd72c0d revealed a possible data loss issue in the admin.
2021-04-26Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template.Zain Patel
Regression in 84609b3205905097d7d3038d32e6101f012c0619.
2021-04-21Fixed #32650 -- Fixed handling subquery aliasing on queryset combination.Simon Charette
This issue started manifesting itself when nesting a combined subquery relying on exclude() since 8593e162c9cb63a6c0b06daf045bc1c21eb4d7c1 but sql.Query.combine never properly handled subqueries outer refs in the first place, see QuerySetBitwiseOperationTests.test_subquery_aliases() (refs #27149). Thanks Raffaele Salmaso for the report.
2021-04-21Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a ↵Mariusz Felisiak
list of 2-tuples. Thanks Jared Lockhart for the report. Regression in c36075ac1dddfa986340b1a5e15fe48833322372.
2021-04-21Fixed #32647 -- Restored multi-row select with shift-modifier in admin ↵Carlton Gibson
changelist. Regression in 30e59705fc3e3e9e8370b965af794ad6173bf92b.
2021-04-20Refs #25287 -- Added support for multiplying and dividing DurationField by ↵Tobias Bengfort
scalar values on SQLite.
2021-04-14Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format.Florian Apolloner
Thanks Jan Pieter Waagmeester for the report. Regression in 2d6179c819010f6a9d00835d5893c4593c0b85a0.
2021-04-14Fixed #32645 -- Fixed QuerySet.update() crash when ordered by joined fields ↵Mariusz Felisiak
on MySQL/MariaDB. Thanks Matt Westcott for the report. Regression in 779e615e362108862f1681f965ee9e4f1d0ae6d2.
2021-04-14Refs #32548 -- Forwardported 3.2.1 release note.Mariusz Felisiak
2021-04-14Fixed #32648 -- Fixed VariableDoesNotExist rendering sitemaps template.Arthur Jovart
2021-04-14Fixed #32649 -- Fixed ModelAdmin.search_fields crash when searching against ↵Mariusz Felisiak
phrases with unbalanced quotes. Thanks Dlis for the report. Regression in 26a413507abb38f7eee4cf62f2ee9727fdc7bf8d.