summaryrefslogtreecommitdiff
path: root/docs/releases
AgeCommit message (Collapse)Author
2020-03-04Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions ↵Mariusz Felisiak
and aggregates on Oracle. Thanks to Norbert Szetei for the report.
2020-03-03Fixed #31147 -- Added SearchHeadline to django.contrib.postgres.Hannes Ljungberg
2020-03-03Fixed #31150 -- Included subqueries that reference related fields in GROUP ↵Mariusz Felisiak
BY clauses. Thanks Johannes Hoppe for the report. Regression in fb3f034f1c63160c0ff13c609acd01c18be12f80. Co-authored-by: Simon Charette <charette.s@gmail.com>
2020-03-02Fixed #31274 -- Used signing infrastructure in SessionBase.encode()/decode().Claude Paroz
Thanks Mariusz Felisiak and Florian Apolloner for the reviews.
2020-02-28Fixed #31032 -- Updated admin browser support FAQ for 2020.Carlton Gibson
Following web standards, the modern _evergreen_ browsers are all supported. This applies equally to mobile platforms. Assuming current trends continue, this should be a sustainable policy. Microsoft deprecated all versions of Internet Explorer. IE 11, the last version, is described as a "compatibility solution" rather than a web browser. Whilst it will receive security updates for the lifetime of Windows 10 it's use is actively discouraged. The IE 11 downloads page makes it clear: "We recommend you use the new Microsoft Edge".
2020-02-27Fixed #31312 -- Properly ordered temporal subtraction params on MySQL.Simon Charette
Regression in 9bcbcd599abac91ea853b2fe10b784ba32df043e. Thanks rick2ricks for the report.
2020-02-20Fixed #31182 -- Adjusted release notes for ASGI support.Adam Johnson
2020-02-18Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵Claude Paroz
classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18Fixed #31271 -- Preserved ordering when unifying query parameters on Oracle.Mariusz Felisiak
This caused misplacing parameters in logged SQL queries. Regression in 79065b55a70cd220820a260a1c54851b7be0615a. Thanks Hans Aarne Liblik for the report.
2020-02-18Fixed #20995 -- Added support for iterables of template names to {% include ↵Keshav Kumar
%} template tag. Thanks Adam Johnson for the review.
2020-02-12Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm.Claude Paroz
2020-02-11Fixed #31246 -- Fixed locking models in QuerySet.select_for_update(of=()) ↵Abhijeet Viswa
for related fields and parent link fields with multi-table inheritance. Partly regression in 0107e3d1058f653f66032f7fd3a0bd61e96bf782.
2020-02-11Fixed #31240 -- Properly closed FileResponse when wsgi.file_wrapper is used.Florian Apolloner
Thanks to Oskar Persson for the report.
2020-02-11Fixed #31253 -- Fixed data loss possibility when using caching from async code.Jon Dufresne
Case missed in a415ce70bef6d91036b00dd2c8544aed7aeeaaed.
2020-02-10Added stub release notes for 2.2.11.Mariusz Felisiak
2020-02-10Added "Bugfixes" section to release notes for 3.0.4.Mariusz Felisiak
2020-02-07Refs #31055 -- Made DiscoverRunner skip running system checks on unused test ↵Simon Charette
databases.
2020-02-07Refs #31055 -- Added --database option to the check management command.Simon Charette
This avoids enabling the ``database`` checks unless they are explicitly requested and allows to disable on a per-alias basis which is required when only creating a subset of the test databases. This also removes unnecessary BaseCommand._run_checks() hook.
2020-02-06Refs #31233 -- Changed DatabaseWrapper._nodb_connection to _nodb_cursor().Jon Dufresne
It is now a method instead of a property and returns a context manager that yields a cursor on entry and closes the cursor and connection upon exit.
2020-02-05Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'.Adam Johnson
2020-02-05Improved grammar in 3.0 release notes for SECURE_CONTENT_TYPE_NOSNIFF change.Adam Johnson
2020-02-04Fixed #31210 -- Doc'd how to reproduce HttpRequest.is_ajax() in release notes.Adam Johnson
2020-02-04Fixed typo in docs/releases/3.1.txt.Adam Johnson
2020-02-04Fixed #27604 -- Used the cookie signer to sign message cookies.Claude Paroz
Co-authored-by: Craig Anderson <craiga@craiga.id.au>
2020-02-03Added stub release notes for 3.0.4.Carlton Gibson
2020-02-03Added CVE-2020-7471 to security archive.Carlton Gibson
2020-02-03Added release date for 3.0.3.Carlton Gibson
2020-02-03Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.Simon Charette
2020-01-31Fixed 31207 -- Prevented references to non-local remote fields in ↵Hasan Ramezani
ForeignKey.to_field. Thanks Simon Charette for the initial patch and review.
2020-01-29Refs #25778 -- Updated some links to HTTPS and new locations.Mariusz Felisiak
2020-01-28Refs #30997 -- Added link to Fetch API in release notes.Nick Pope
2020-01-27Fixed #30997 -- Deprecated HttpRequest.is_ajax().Claude Paroz
2020-01-27Refs #30997 -- Removed HttpRequest.is_ajax() usage.Claude Paroz
2020-01-24Refs #30997 -- Added HttpRequest.accepts().Claude Paroz
2020-01-23Fixed #27888 -- Added link to clear all filters in the admin changelist view.Hasan Ramezani
2020-01-22Fixed #31190 -- Fixed prefetch_related() crash for GenericForeignKey with ↵Eugene Hatsko
custom ContentType foreign key. Regression in dffa3e1992562ba60512d96d1eb5859ffff2ceb5.
2020-01-16Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports.Pavel Lysak
2020-01-16Fixed #30765 -- Made cache_page decorator take precedence over max-age ↵Flavio Curella
Cache-Control directive.
2020-01-15Fixed #31124 -- Fixed setting of get_FOO_display() when overriding inherited ↵Carlton Gibson
choices. Regression in 2d38eb0ab9f78d68c083a5b78b1eca39027b279a
2020-01-14Refs #31097 -- Added release notes for 2f565f84aca136d9cc4e4d061f3196ddf9358ab8.Carlton Gibson
.
2020-01-11Removed unused ExceptionReporterFilter class.Carlton Gibson
Unused since 8f8c54f70bfa3aa8e311514297f1eeded2c32593.
2020-01-11Fixed #31155 -- Fixed a system check for the longest choice when a named ↵Mariusz Felisiak
group contains only non-string values. Regression in b6251956b69512bf230322bd7a49b629ca8455c6. Thanks Murat Guchetl for the report.
2020-01-10Fixed #23004 -- Added request.META filtering to SafeExceptionReporterFilter.Carlton Gibson
Co-authored-by: Ryan Castner <castner.rr@gmail.com>
2020-01-10Refs #23004 -- Allowed exception reporter filters to customize settings ↵Carlton Gibson
filtering. Thanks to Tim Graham for the original implementation idea. Co-authored-by: Daniel Maxson <dmaxson@ccpgames.com>
2020-01-10Fixed #31154 -- Added support for using enumeration types in templates.Adam Johnson
Enumeration helpers are callables, so the template system tried to call them with no arguments. Thanks Rupert Baker for helping discover this.
2020-01-09Fixed #30995 -- Allowed converter.to_url() to raise ValueError to indicate ↵Jack Cushman
no match.
2020-01-08Fixed #31118 -- Made FileInput to avoid the required attribute when initial ↵Shubham singh
data exists.
2020-01-08Fixed #31141 -- Relaxed system check of translation settings for sublanguages.Mariusz Felisiak
Regression in 4400d8296d268f5a8523cd02ddc33b12219b2535. Thanks Enrique Matías Sánchez for the report.
2020-01-07Fixed #15982 -- Added DATE_INPUT_FORMATS to forms.DateTimeField default ↵Claude Paroz
input formats.
2020-01-06Fixed #11385 -- Made forms.DateTimeField accept ISO 8601 date inputs.Claude Paroz
Thanks José Padilla for the initial patch, and Carlton Gibson for the review.