| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-05-26 | Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24. | Carlton Gibson | |
| 2021-05-26 | Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for ↵ | Hasan Ramezani | |
| template changes. | |||
| 2021-05-21 | Fixed #32375 -- Started deprecation toward changing the default sitemap ↵ | Rohith PR | |
| protocol to https. The default sitemap protocol, when it is built outside the context of a request, will be changed from 'http' to 'https' in Django 5.0. | |||
| 2021-05-20 | Changed IRC references to Libera.Chat. | Mariusz Felisiak | |
| 2021-05-20 | Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and ↵ | David Sanders | |
| log_deletion() methods. | |||
| 2021-05-19 | Fixed #32740 -- Caught possible exception when initializing colorama. | Carlton Gibson | |
| 2021-05-18 | Fixed #32379 -- Started deprecation toward changing default USE_TZ to True. | Claude Paroz | |
| Co-authored-by: Nick Pope <nick@nickpope.me.uk> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-05-18 | Fixed #32747 -- Prevented initialization of unused caches. | Mariusz Felisiak | |
| Thanks Alexander Ebral for the report. Regression in 98e05ccde440cc9b768952cc10bc8285f4924e1f. | |||
| 2021-05-18 | Fixed #32733 -- Skipped system check for specifying type of auto-created ↵ | Rust Saiargaliev | |
| primary keys on abstract models. Regression in b5e12d490af3debca8c55ab3c1698189fdedbbdb. | |||
| 2021-05-18 | Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME. | Slava Skvortsov | |
| Regression in ba31b0103442ac891fb3cb98f316781254e366c3. | |||
| 2021-05-17 | Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. | Nick Pope | |
| 2021-05-17 | Refs #32720 -- Fixed some broken links in docs. | Nick Pope | |
| 2021-05-17 | Refs #32720 -- Used full hashes in security archive. | Nick Pope | |
| 2021-05-17 | Corrected commit hashes for security patches. | Mariusz Felisiak | |
| 2021-05-17 | Refs #32720 -- Used :commit: and :source: role in old release notes. | Nick Pope | |
| 2021-05-13 | Added stub release notes for Django 3.2.4. | Mariusz Felisiak | |
| 2021-05-13 | Fixed #32718 -- Relaxed file name validation in FileField. | Mariusz Felisiak | |
| - Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3. | |||
| 2021-05-13 | Fixed #32717 -- Fixed filtering of querysets combined with the | operator. | Simon Charette | |
| Address a long standing bug in a Where.add optimization to discard equal nodes that was surfaced by implementing equality for Lookup instances in bbf141bcdc31f1324048af9233583a523ac54c94. Thanks Shaheed Haque for the report. | |||
| 2021-05-13 | Fixed #32031 -- Added model class for each model to AdminSite.each_context(). | Raffaele Salmaso | |
| 2021-05-12 | Fixed #32738 -- Deprecated django.utils.datetime_safe module. | Nick Pope | |
| 2021-05-12 | Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection ↵ | Nick Pope | |
| options in MySQL backend. The 'db' and 'passwd' connection options have been deprecated, use 'database' and 'password' instead (available since mysqlclient >= 1.3.8). This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL. | |||
| 2021-05-12 | Refs #32718 -- Corrected CVE-2021-31542 release notes. | Mariusz Felisiak | |
| 2021-05-07 | Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem. | Jordi Castells | |
| 2021-05-07 | Fixed #32712 -- Deprecated django.utils.baseconv module. | Hasan Ramezani | |
| 2021-05-06 | Added stub release notes for Django 3.2.3. | Mariusz Felisiak | |
| 2021-05-06 | Added CVE-2021-32052 to security archive. | Mariusz Felisiak | |
| 2021-05-06 | Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being ↵ | Mariusz Felisiak | |
| accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 | |||
| 2021-05-05 | Fixed #32714 -- Prevented recreation of migration for Meta.ordering with ↵ | Simon Charette | |
| OrderBy expressions. Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd. Thanks Kevin Marsh for the report. | |||
| 2021-05-04 | Added commits for CVE-2021-31542 to security archive. | Carlton Gibson | |
| 2021-05-04 | Added CVE-2021-31542 to security archive. | Carlton Gibson | |
| 2021-05-04 | Added stub release notes for Django 3.2.2. | Carlton Gibson | |
| 2021-05-04 | Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. | Florian Apolloner | |
| 2021-04-30 | Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. | Tim Graham | |
| 2021-04-30 | Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ↵ | Hasan Ramezani | |
| ExceptionReporter._get_raw_insecure_uri(). | |||
| 2021-04-29 | Refs #32674 -- Noted that auto-created through table PKs cannot be ↵ | Carlton Gibson | |
| automatically migrated. | |||
| 2021-04-29 | Refs #32682 -- Renamed lookup_needs_distinct() to lookup_spawns_duplicates(). | Mariusz Felisiak | |
| Follow up to 187118203197801c6cb72dc8b06b714b23b6dd3d. | |||
| 2021-04-29 | Fixed #32675 -- Doc'd that autodector changes might cause generation of ↵ | David Wobrock | |
| no-op migrations. Follow up to aa4acc164d1247c0de515c959f7b09648b57dc42. | |||
| 2021-04-28 | Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery ↵ | Simon Charette | |
| deconstruction. Subquery deconstruction support required implementing complex and expensive equality rules for sql.Query objects for little benefit as the latter cannot themselves be made deconstructible to their reference to model classes. Making Expression @deconstructible and not BaseExpression allows interested parties to conform to the "expression" API even if they are not deconstructible as it's only a requirement for expressions allowed in Model fields and meta options (e.g. constraints, indexes). Thanks Phillip Cutter for the report. This also fixes a performance regression in bbf141bcdc31f1324048af9233583a523ac54c94. | |||
| 2021-04-27 | Fixed #32687 -- Restored passing process’ environment to underlying tool ↵ | Konstantin Alekseev | |
| in dbshell on PostgreSQL. Regression in bbe6fbb8768e8fb1aecb96d51c049d7ceaf802d3. | |||
| 2021-04-27 | Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for ↵ | Mariusz Felisiak | |
| preventing duplicates. Thanks Zain Patel for the report and Simon Charette for reviews. The exception introduced in 6307c3f1a123f5975c73b231e8ac4f115fd72c0d revealed a possible data loss issue in the admin. | |||
| 2021-04-26 | Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template. | Zain Patel | |
| Regression in 84609b3205905097d7d3038d32e6101f012c0619. | |||
| 2021-04-21 | Fixed #32650 -- Fixed handling subquery aliasing on queryset combination. | Simon Charette | |
| This issue started manifesting itself when nesting a combined subquery relying on exclude() since 8593e162c9cb63a6c0b06daf045bc1c21eb4d7c1 but sql.Query.combine never properly handled subqueries outer refs in the first place, see QuerySetBitwiseOperationTests.test_subquery_aliases() (refs #27149). Thanks Raffaele Salmaso for the report. | |||
| 2021-04-21 | Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a ↵ | Mariusz Felisiak | |
| list of 2-tuples. Thanks Jared Lockhart for the report. Regression in c36075ac1dddfa986340b1a5e15fe48833322372. | |||
| 2021-04-21 | Fixed #32647 -- Restored multi-row select with shift-modifier in admin ↵ | Carlton Gibson | |
| changelist. Regression in 30e59705fc3e3e9e8370b965af794ad6173bf92b. | |||
| 2021-04-20 | Refs #25287 -- Added support for multiplying and dividing DurationField by ↵ | Tobias Bengfort | |
| scalar values on SQLite. | |||
| 2021-04-14 | Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format. | Florian Apolloner | |
| Thanks Jan Pieter Waagmeester for the report. Regression in 2d6179c819010f6a9d00835d5893c4593c0b85a0. | |||
| 2021-04-14 | Fixed #32645 -- Fixed QuerySet.update() crash when ordered by joined fields ↵ | Mariusz Felisiak | |
| on MySQL/MariaDB. Thanks Matt Westcott for the report. Regression in 779e615e362108862f1681f965ee9e4f1d0ae6d2. | |||
| 2021-04-14 | Refs #32548 -- Forwardported 3.2.1 release note. | Mariusz Felisiak | |
| 2021-04-14 | Fixed #32648 -- Fixed VariableDoesNotExist rendering sitemaps template. | Arthur Jovart | |
| 2021-04-14 | Fixed #32649 -- Fixed ModelAdmin.search_fields crash when searching against ↵ | Mariusz Felisiak | |
| phrases with unbalanced quotes. Thanks Dlis for the report. Regression in 26a413507abb38f7eee4cf62f2ee9727fdc7bf8d. | |||
