| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-08-01 | Added CVE-2019-14233 to security release archive. | Carlton Gibson | |
| 2019-08-01 | Added CVE-2019-14232 to the security release archive. | Carlton Gibson | |
| 2019-08-01 | Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in ↵ | Florian Apolloner | |
| django.utils.encoding.uri_to_iri(). Thanks to Guido Vranken for initial report. | |||
| 2019-08-01 | Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index ↵ | Mariusz Felisiak | |
| lookups against SQL injection. Thanks to Sage M. Abdullah for the report and initial patch. Thanks Florian Apolloner for reviews. | |||
| 2019-08-01 | Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵ | Florian Apolloner | |
| strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report. | |||
| 2019-08-01 | Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when ↵ | Florian Apolloner | |
| truncating HTML. Thanks to Guido Vranken for initial report. | |||
| 2019-07-31 | Fixed #30665 -- Added support for distinct argument to Avg() and Sum(). | Étienne Beaulé | |
| 2019-07-31 | Fixed #30160 -- Added support for LZMA and XZ templates to ↵ | Nick Pope | |
| startapp/startproject management commands. | |||
| 2019-07-27 | Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when ↵ | Jon Dufresne | |
| using attnames. Regression in 519016e5f25d7c0a040015724f9920581551cab0. | |||
| 2019-07-25 | Added stub release notes for security releases. | Carlton Gibson | |
| 2019-07-25 | Fixed #30657 -- Allowed customizing Field's descriptors with a ↵ | Jon Dufresne | |
| descriptor_class attribute. Allows model fields to override the descriptor class used on the model instance attribute. | |||
| 2019-07-24 | Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be ↵ | Tom Forbes | |
| resolved. | |||
| 2019-07-23 | Fixed #30506 -- Fixed crash of autoreloader when path contains null characters. | Tom Forbes | |
| 2019-07-16 | Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL. | Mads Jensen | |
| Thanks to Nick Pope and Mariusz Felisiak for review. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2019-07-16 | Refs #29824 -- Added RangeOperators helper class. | Mads Jensen | |
| 2019-07-10 | Updated Select2 to version 4.0.7. | Johannes Hoppe | |
| 2019-07-10 | Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField ↵ | Mariusz Felisiak | |
| when the right hand side is the same type. Thanks Tilman Koschnick for the report and initial patch. Thanks Carlton Gibson the review. Regression in 6b048b364ca1e0e56a0d3815bf2be33ac9998355. | |||
| 2019-07-10 | Fixed #30628 -- Adjusted expression identity to differentiate bound fields. | Simon Charette | |
| Expressions referring to different bound fields should not be considered equal. Thanks Julien Enselme for the detailed report. Regression in bc7e288ca9554ac1a0a19941302dea19df1acd21. | |||
| 2019-07-09 | Added stub release notes for 2.2.4. | Mariusz Felisiak | |
| 2019-07-08 | Fixed #30397 -- Added app_label/class interpolation for names of indexes and ↵ | can | |
| constraints. | |||
| 2019-07-08 | Refs #29444 -- Added support for fetching a returned non-integer insert ↵ | Johannes Hoppe | |
| values on Oracle. This is currently not actively used, since the ORM will ask the SQL compiler to only return auto fields. | |||
| 2019-07-02 | Fixed #27801 -- Made createsuperuser fall back to environment variables for ↵ | Hasan Ramezani | |
| password and required fields. | |||
| 2019-07-01 | Added CVE-2019-12781 to the security release archive. | Mariusz Felisiak | |
| 2019-07-01 | Added release date for 2.2.3. | Mariusz Felisiak | |
| 2019-07-01 | Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵ | Carlton Gibson | |
| SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. | |||
| 2019-07-01 | Added stub release notes for security releases. | Mariusz Felisiak | |
| 2019-06-29 | Updated translations from Transifex | Claude Paroz | |
| Forward port of b3f7262e6e5d9e68e37fb21af89ed6656291faa3 from stable/2.2.x | |||
| 2019-06-26 | Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() ↵ | nsasaki128 | |
| decorator. | |||
| 2019-06-26 | Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't ↵ | Tom Forbes | |
| have __file__ attribute. | |||
| 2019-06-21 | Fixed #30421 -- Allowed symmetrical intermediate table for self-referential ↵ | Nadège Michel | |
| ManyToManyField. | |||
| 2019-06-21 | Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes. | Jon Dufresne | |
| 2019-06-20 | Fixed #30451 -- Added ASGI handler and coroutine-safety. | Andrew Godwin | |
| This adds an ASGI handler, asgi.py file for the default project layout, a few async utilities and adds async-safety to many parts of Django. | |||
| 2019-06-14 | Fixed #12952 -- Adjusted admin log change messages to use form labels ↵ | Sanyam Khurana | |
| instead of field names. | |||
| 2019-06-13 | Fixed #30128 -- Fixed handling timedelta timezone in database functions. | can | |
| 2019-06-11 | Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and ↵ | Jon Dufresne | |
| filesizeformat filters. intword and filesizeformat passed floats to ngettext() which is deprecated in Python 3.7. The rationale for this warning is documented in BPO-28692: https://bugs.python.org/issue28692. For filesizeformat, the filesize value is expected to be an int -- it fills %d string formatting placeholders. It was likely coerced to a float to ensure floating point division on Python 2. Python 3 always does floating point division, so coerce to an int instead of a float to fix the warning. For intword, the number may contain a decimal component. In English, a decimal component makes the noun plural. A helper function, round_away_from_one(), was added to convert the float to an integer that is appropriate for ngettext(). | |||
| 2019-06-07 | Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields. | Hasan Ramezani | |
| Thank you to Nick Pope for review. Co-authored-by: CHI Cheng <cloudream@gmail.com> | |||
| 2019-06-05 | Refs #30226 -- Added User.get_user_permissions() method. | Tobias Bengfort | |
| Added to mirror the existing User.get_group_permissions(). | |||
| 2019-06-05 | Fixed #30226 -- Added BaseBackend for authentication. | Tobias Bengfort | |
| 2019-06-05 | Fixed #30542 -- Fixed crash of numerical aggregations with filter. | Étienne Beaulé | |
| Filters in annotations crashed when used with numerical-type aggregations (i.e. Avg, StdDev, and Variance). This was caused as the source expressions no not necessarily have an output_field (such as the filter field), which lead to an AttributeError: 'WhereNode' object has no attribute output_field. Thanks to Chuan-Zheng Lee for the report. Regression in c690afb873cac8035a3cb3be7c597a5ff0e4b261 and two following commits. | |||
| 2019-06-05 | Added stub release notes for 2.2.3. | Mariusz Felisiak | |
| 2019-06-03 | Added CVE-2019-12308 to the security release archive. | Nick Pope | |
| 2019-06-03 | Added CVE-2019-11358 to the security release archive. | Nick Pope | |
| 2019-06-03 | Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes. | Mariusz Felisiak | |
| 2019-06-03 | Applied jQuery patch for CVE-2019-11358. | Carlton Gibson | |
| 2019-06-03 | Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before ↵ | Carlton Gibson | |
| rendering clickable link. | |||
| 2019-06-03 | Added stub release notes for security releases. | Carlton Gibson | |
| 2019-05-31 | Fixed #28520 -- Added --start-at/--start-after options to runtests.py. | Hasan Ramezani | |
| 2019-05-29 | Fixed #30523 -- Fixed updating file modification times on seen files in ↵ | Tom Forbes | |
| auto-reloader when using StatReloader. Previously we updated the file mtimes if the file has not been seen before - i.e on the first iteration of the loop. If the mtime has been changed we triggered the notify_file_changed() method which in all cases except the translations will result in the process being terminated. To be strictly correct we need to update the mtime for either branch of the conditional. Regression in 6754bffa2b2df15a741008aa611c1bb0e8dff22b. | |||
| 2019-05-29 | Fixed #30516 -- Fixed crash of autoreloader when re-raising exceptions with ↵ | Tom Forbes | |
| custom signature. Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca. | |||
| 2019-05-28 | Fixed #30315 -- Fixed crash of ArrayAgg and StringAgg with ordering when ↵ | Caio Ariede | |
| used in Subquery. | |||
