summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2021-05-06[3.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs ↵Mariusz Felisiak
from being accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 Backport of e1e81aa1c4427411e3c68facdd761229ffea6f6f from main.
2021-05-05[3.2.x] Fixed #32714 -- Prevented recreation of migration for Meta.ordering ↵Simon Charette
with OrderBy expressions. Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd. Thanks Kevin Marsh for the report. Backport of 96f55ccf798c7592a1203f798a4dffaf173a9263 from main
2021-05-04[3.2.x] Added CVE-2021-31542 to security archive.Carlton Gibson
Backport of 607ebbfba915de2d84eb943aa93654f31817a709 and 62b2e8b37e37a313c63be40e3223ca4e830ebde3 from main
2021-05-04[3.2.x] Added stub release notes for Django 3.2.2.Carlton Gibson
Backport of 5a43cfe24533591a020ba4e730440bad81c478db from main
2021-05-04[3.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in ↵Florian Apolloner
file uploads.
2021-04-30[3.2.x] Added spelling option to make.bat.Susan Wright
Backport of 7582d913e7db7f32e4cdcfafc177aa77cbbf4332 from main
2021-04-29[3.2.x] Refs #32178 -- Doc'd ↵Hasan Ramezani
DatabaseFeatures.django_test_skips/django_test_expected_failures in contributing guide. Backport of ca34db46504fca1221e27f6ab13734dfdfde6e1c from main
2021-04-29[3.2.x] Refs #32674 -- Noted that auto-created through table PKs cannot be ↵Carlton Gibson
automatically migrated. Backport of 907d3a7ff4e12ad4ccc86af26a728007fe4d6fa2 from main
2021-04-29[3.2.x] Refs #32694 -- Clarified when colorama requirement is needed in ↵Carlton Gibson
Windows how-to. Backport of 4f128fcf5dd5099a5ea374a87cad64852a9b62dd from main
2021-04-28[3.2.x] Corrected introduction to range field lookups docs.Adam Johnson
Follow up to 24b9f5082344a127147266dd52d5d2dcd1c9cb44. Backport of 68e876c0953f882e54dddd49ef727f9e38e2d0d1 from main
2021-04-28[3.2.x] Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery ↵Simon Charette
deconstruction. Subquery deconstruction support required implementing complex and expensive equality rules for sql.Query objects for little benefit as the latter cannot themselves be made deconstructible to their reference to model classes. Making Expression @deconstructible and not BaseExpression allows interested parties to conform to the "expression" API even if they are not deconstructible as it's only a requirement for expressions allowed in Model fields and meta options (e.g. constraints, indexes). Thanks Phillip Cutter for the report. This also fixes a performance regression in bbf141bcdc31f1324048af9233583a523ac54c94. Backport of c8b659430556dca0b2fe27cf2ea0f8290dbafecd from main
2021-04-27[3.2.x] Fixed #32687 -- Restored passing process’ environment to ↵Konstantin Alekseev
underlying tool in dbshell on PostgreSQL. Regression in bbe6fbb8768e8fb1aecb96d51c049d7ceaf802d3. Backport of 6e742dabc95b00ba896434293556adeb4dbaee8a from main.
2021-04-27[3.2.x] Fixed #32682 -- Made admin changelist use Exists() instead of ↵Mariusz Felisiak
distinct() for preventing duplicates. Thanks Zain Patel for the report and Simon Charette for reviews. The exception introduced in 6307c3f1a123f5975c73b231e8ac4f115fd72c0d revealed a possible data loss issue in the admin. Backport of 187118203197801c6cb72dc8b06b714b23b6dd3d from main
2021-04-27[3.2.x] Refs #32682 -- Renamed use_distinct variable to may_have_duplicates.Mariusz Felisiak
QuerySet.distinct() is not the only way to avoid duplicate, it's also not preferred. Backport of cd74aad90e09865ae6cd8ca0377ef0a5008d14e9 from main
2021-04-26[3.2.x] Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin ↵Zain Patel
template. Regression in 84609b3205905097d7d3038d32e6101f012c0619. Backport of 4e5bbb6ef2287126badd32842b239f4a8a7394ca from main.
2021-04-23[3.2.x] Refs #28034 -- Corrected docs example in contributing tutorial.Clumart.G
Backport of 67bb1f516cf507feb141fd4ef746456e1ef67c4a from main
2021-04-22[3.2.x] Added note to update docs config when creating new stable branch.Carlton Gibson
django_next_version in docs/conf.py should be bumped when creating a new stable branch. Backport of 6a7af38b072f97d15e06aba87c673c16ecafe5a8 from main
2021-04-21[3.2.x] Fixed #32667 -- Added link to labeling checks in ↵Abhyudai
BaseCommand.requires_system_checks docs. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Backport of 4a77aeb1f86bc06e18023cac10109e067ed20800 from main
2021-04-21[3.2.x] Fixed #32650 -- Fixed handling subquery aliasing on queryset ↵Simon Charette
combination. This issue started manifesting itself when nesting a combined subquery relying on exclude() since 8593e162c9cb63a6c0b06daf045bc1c21eb4d7c1 but sql.Query.combine never properly handled subqueries outer refs in the first place, see QuerySetBitwiseOperationTests.test_subquery_aliases() (refs #27149). Thanks Raffaele Salmaso for the report. Backport of 6d0cbe42c3d382e5393d4af48185c546bb0ada1f from main
2021-04-21[3.2.x] Fixed #32665 -- Fixed caches system check crash when ↵Mariusz Felisiak
STATICFILES_DIRS is a list of 2-tuples. Thanks Jared Lockhart for the report. Regression in c36075ac1dddfa986340b1a5e15fe48833322372. Backport of 34d1905712d33e72c76b3a55a4fc24abbd11be6c from main
2021-04-21[3.2.x] Fixed #32647 -- Restored multi-row select with shift-modifier in ↵Carlton Gibson
admin changelist. Regression in 30e59705fc3e3e9e8370b965af794ad6173bf92b. Backport of 5c73fbb6a93ee214678f02ba4027f18dff49337b from main
2021-04-16[3.2.x] Corrected File, ContentFile, and ImageFile signatures in docs.Adam Johnson
Backport of 725ca1fb60da2ef1bb6db146cd2d735591e75fbd from main
2021-04-15[3.2.x] Fixed #32652 -- Fixed links to new contributors FAQ.Carlton Gibson
Backport of e3e2276e6fe6fd77e4fbdeeb2a287288d31de3bb from main
2021-04-15[3.2.x] Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format.Florian Apolloner
Thanks Jan Pieter Waagmeester for the report. Regression in 2d6179c819010f6a9d00835d5893c4593c0b85a0. Backport of 4511d1459810037b91faa5b506e4f75c77aa72be from main.
2021-04-14[3.2.x] Fixed #32645 -- Fixed QuerySet.update() crash when ordered by joined ↵Mariusz Felisiak
fields on MySQL/MariaDB. Thanks Matt Westcott for the report. Regression in 779e615e362108862f1681f965ee9e4f1d0ae6d2. Backport of ca9872905559026af82000e46cde6f7dedc897b6 from main
2021-04-14[3.2.x] Fixed #32548 -- Fixed crash when combining Q() objects with boolean ↵Jonathan Richards
expressions. Backport of 00b0786de533dbb3f6208d8d5eaddbf765b4e5b8 from main. Regression in 466920f6d726eee90d5566e0a9948e92b33a122e.
2021-04-14[3.2.x] Fixed #32648 -- Fixed VariableDoesNotExist rendering sitemaps template.Arthur Jovart
Backport of 08c60cce3b13f6e60d7588206da2d3c71228f378 from main
2021-04-14[3.2.x] Fixed #32649 -- Fixed ModelAdmin.search_fields crash when searching ↵Mariusz Felisiak
against phrases with unbalanced quotes. Thanks Dlis for the report. Regression in 26a413507abb38f7eee4cf62f2ee9727fdc7bf8d. Backport of 23fa29f6a6659e0f600d216de6bcb79e7f6818c9 from main
2021-04-14[3.2.x] Fixed #32635 -- Fixed system check crash for reverse o2o relations ↵Hasan Ramezani
in CheckConstraint.check and UniqueConstraint.condition. Regression in b7b7df5fbcf44e6598396905136cab5a19e9faff. Thanks Szymon Zmilczak for the report. Backport of a77c9a4229cfef790ec18001b2cd18bd9c4aedbc from main
2021-04-13[3.2.x] Fixed #32637 -- Restored exception message on technical 404 debug page.Mariusz Felisiak
Thanks Atul Varma for the report. Backport of 3b8527e32b665df91622649550813bb1ec9a9251 from main
2021-04-13[3.2.x] Fixed #32627 -- Fixed QuerySet.values()/values_list() crash on ↵Iuri de Silvio
combined querysets ordered by unannotated columns. Backport of 9760e262f85ae57df39abe2799eff48a82b14474 from main
2021-04-10[3.2.x] Bumped django_next_version in docs config.Carlton Gibson
2021-04-09[3.2.x] Fixed #32618 -- Added link to conditional aggregation in aggregation ↵Hasan Ramezani
topic guide. Backport of 1351f2ee163145df2cf5471eb3e57289f8853512 from main
2021-04-09[3.2.x] Fixed #32535 -- Added note about DEBUG_PROPAGATE_EXCEPTIONS setting ↵Hasan Ramezani
to middleware docs. Backport of fc268c8648d0d0375d01d36aa1f05f1172ff1566 from main
2021-04-08[3.2.x] Fixed #32620 -- Allowed subclasses of Big/SmallAutoField for ↵Adam Johnson
DEFAULT_AUTO_FIELD. Backport of 45a58c31e64dbfdecab1178b1d00a3803a90ea2d from main
2021-04-07[3.2.x] Corrected release number format in 3.2.1 release notes.Carlton Gibson
Backport of 3f2920ae1d91e67ebf677d407da528c04188384e from main
2021-04-07[3.2.x] Fixed #32544 -- Confirmed support for GDAL 3.2 and GEOS 3.9.Claude Paroz
Backport of e3cfba0029516aafe40f963378e234df2c0d33bb from main.
2021-04-07[3.2.x] Corrected wrapping in 3.2 release notes.Carlton Gibson
Partially reverts 0802b404a210862e6765a6c7dee6cba61085d7a6. Backport of 5b05a45c62f4702a6039cd3de290320c232cb808 from main
2021-04-06[3.2.x] Refs #30156 -- Corrected version in SpatiaLite install instructions.Mariusz Felisiak
Backport of da542ccab6d61e1467199b52f77f64a2d72f5faf from main
2021-04-06[3.2.x] Added stub release notes for Django 3.2.1.Carlton Gibson
Backport of df0a9e6d5ce00fc7890545d854dbea876bd07d9b from main
2021-04-06[3.2.x] Added release date for Django 3.2.Carlton Gibson
Adjusted wrapping in release notes where needed. Backport of 0802b404a210862e6765a6c7dee6cba61085d7a6 from main
2021-04-06[3.2.x] Updated manpage for Django 3.2 final.Carlton Gibson
2021-04-06[3.2.x] Updated asgiref dependency for 3.2 release series.Carlton Gibson
Backport of 5aea50e57f6c1bd725db36a0664e21b2be91b591 from main
2021-04-06[3.2.x] Added CVE-2021-28658 to security archive.Mariusz Felisiak
Backport of 1eac8468cbde790fecb51dd055a439f4947d01e9 from main
2021-04-06[3.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via ↵Mariusz Felisiak
uploaded files. Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report. Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
2021-03-31[3.2.x] Refs #32105 -- Moved ExceptionReporter template paths to properties.William Schwartz
Refs #32316. Backport of 7248afe12f40361870388ecdd7e0038eb0d58e47 from main
2021-03-30[3.2.x] Removed dead link in docs/topics/http/sessions.txt.arcanemachine
Backport of 4a80d0f22021bb0af842f038eba45958e9576bec from main
2021-03-26[3.2.x] Added missing mode="rb" argument to open() call in Client.post() ↵John
example in docs. Backport of 509d266c6aae5e4d5738fe2a2cba0bde581aac2b from main
2021-03-26[3.2.x] Fixed #32580 -- Doc'd that HttpRequest.get_host() may raise ↵sreehari1997
DisallowedHost. Backport of 0860db225a4a7059c0884c87c0a7aa0035fd0d36 from main
2021-03-25[3.2.x] Refs #31003 -- Moved note about return value of ↵Claude Paroz
QuerySet.bulk_create() to the first paragraph. Backport of cac9ec73db35a6d38d33f271f4724da486c60e9f from main.