summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2023-10-04[3.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in ↵Natalia
django.utils.text.Truncator when truncating HTML text. Thanks Wenchao Li of Alibaba Group for the report.
2023-09-27[3.2.x] Added stub release notes for 3.2.22.Natalia
Backport of 24f1a38b37c0af3a5ce0dd7b5392fe4e75d7e1dc from main.
2023-09-04[3.2.x] Added CVE-2023-41164 to security archive.Mariusz Felisiak
Backport of 8a98768868a104ea3ce10d8182590bdd095d9ccb from main
2023-09-04[3.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in ↵Mariusz Felisiak
django.utils.encoding.uri_to_iri(). Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-08-28[3.2.x] Added stub release notes for 3.2.21.Mariusz Felisiak
Backport of 24f1a38b37c0af3a5ce0dd7b5392fe4e75d7e1dc from main.
2023-08-03[3.2.x] Fixed #34756 -- Fixed docs HTML build on Sphinx 7.1+.David Smith
Backport of b3e0170ab546a96930ce3114b0a1a560953c0ff4 from main
2023-07-03[3.2.x] Added CVE-2023-36053 to security archive.Mariusz Felisiak
Backport of 1d6fbf16f24200a556beb6dd197439944deb6837 from main
2023-07-03[3.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator ↵Mariusz Felisiak
and URLValidator. Thanks Seokchan Yoon for reports.
2023-06-26[3.2.x] Added stub release notes for 3.2.20.Mariusz Felisiak
Backport of 2360ba22742c3ee8729697bfe2d508110465af56 from main
2023-05-03[3.2.x] Added CVE-2023-31047 to security archive.Mariusz Felisiak
Backport of 49830025c992fbc8d8f213e7c16dba1391c6adf2 from main
2023-05-03[3.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of ↵Mariusz Felisiak
validation when uploading multiple files using one form field. Thanks Moataz Al-Sharida and nawaik for reports. Co-authored-by: Shai Berger <shai@platonix.com> Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-04-26[3.2.x] Added missing backticks in docs/releases/1.7.txt.Mariusz Felisiak
2023-04-26[3.2.x] Added stub release notes for 3.2.19.Mariusz Felisiak
Backport of 18a7f2c711529f8e43c36190a5e2479f13899749 from main
2023-02-14[3.2.x] Added CVE-2023-24580 to security archive.Carlton Gibson
Backport of ecafcaf634fcef93f9da8cb12795273dd1c3a576 from main
2023-02-07[3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.Markus Holtermann
Thanks to Jakob Ackermann for the report.
2023-02-07[3.2.x] Added stub release notes for 3.2.18.Carlton Gibson
Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main
2023-02-01[3.2.x] Added CVE-2023-23969 to security archive.Mariusz Felisiak
Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main
2023-02-01[3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for ↵Nick Pope
Accept-Language. The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Accept-Language headers are now limited to a maximum length in order to avoid this issue.
2023-01-25[3.2.x] Adjusted release notes for 3.2.17.Carlton Gibson
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main
2023-01-25[3.2.x] Added stub release notes for 3.2.17.Carlton Gibson
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
2022-12-29[3.2.x] Disabled auto-created table of contents entries on Sphinx 5.2+.Mariusz Felisiak
Auto-created table of contents entries for all domain objects (e.g. functions, classes, attributes, etc.) were added in Sphinx 5.2, see https://github.com/sphinx-doc/sphinx/issues/6316. An option to control new table of contents entries was added in Sphinx 5.2.3, see https://github.com/sphinx-doc/sphinx/pull/10886. Backport of 279967ec859a9a5240318cf29a077539b0e3139f from main
2022-10-29[3.2.x] Removed obsolete doc reference to asyncio.iscoroutinefunction.Nick Pope
Backport of 970f61fefb148284fb2af63b5cc844279254111a from main
2022-10-04[3.2.x] Added CVE-2022-36359 to security archive.Carlton Gibson
Backport of 93d4c9ea1de24eb391cb2b3561b6703fd46374df from main
2022-09-27[3.2.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as ↵Adam Johnson
regular expressions. Thanks to Benjamin Balder Bach for the report.
2022-09-27[3.2.x] Added stub notes 3.2.16 release.Carlton Gibson
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
2022-08-03[3.2.x] Added CVE-2022-36359 to security archive.Carlton Gibson
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
2022-08-03[3.2.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header.Carlton Gibson
Thanks to Motoyasu Saburi for the report.
2022-07-27Adjusted release notes for 3.2.15.Carlton Gibson
Backport of cadd864f6878c1c02a014589876ece166befdeb3 from main
2022-07-27[3.2.x] Added stub release notes for 3.2.15 release.Carlton Gibson
Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main
2022-07-04[3.2.x] Added CVE-2022-34265 to security archive.Mariusz Felisiak
Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main
2022-07-04[3.2.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) ↵Mariusz Felisiak
against SQL injection. Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-06-27[3.2.x] Bumped minimum Sphinx version to 4.5.0.Mariusz Felisiak
Related Sphinx changes: - https://github.com/sphinx-doc/sphinx/pull/8898 - https://github.com/sphinx-doc/sphinx/issues/8326 Backport of ebf25555bbed3e9112d4b726575d60b242daf48a from main.
2022-06-27[3.2.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+.Mariusz Felisiak
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set of nodes for which the text is checked. Backport of ac90529cc58507d9a07610809a795ec5fc3cbf8c from main.
2022-06-27[3.2.x] Added stub release notes for 3.2.14.Mariusz Felisiak
Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main
2022-06-01[3.2.x] Fixed #33753 -- Fixed docs build on Sphinx 5+.Mariusz Felisiak
Empty language is not supported anymore. Backport of 565ad5ace46aa1e2368450701cba45dd1a95a026 from main
2022-04-11[3.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive.Mariusz Felisiak
Backport of 78eeff8d33ead67cfc8603477c95e70f8fbe096a from main
2022-04-11[3.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) ↵Mariusz Felisiak
against SQL injection on PostgreSQL. Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
2022-04-11[3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), ↵Mariusz Felisiak
and extra() against SQL injection in column aliases. Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report. Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.
2022-04-11[3.2.x] Fixed #33628 -- Ignored directories with empty names in autoreloader ↵Manel Clos
check for template changes. Regression in 68357b2ca9e88c40fc00d848799813241be39129. Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main.
2022-04-04[3.2.x] Added stub release notes for 3.2.13 and 2.2.28.Mariusz Felisiak
Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main
2022-02-02[3.2.x] Fixed typo in release notes.David Smith
Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main.
2022-02-01[3.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.Mariusz Felisiak
Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main
2022-02-01[3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.Mariusz Felisiak
Thanks Alan Ryan for the report and initial patch. Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
2022-02-01[3.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.Markus Holtermann
Thanks Keryn Knight for the report. Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main. Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-25[3.2.x] Added stub release notes for 3.2.12 and 2.2.27.Mariusz Felisiak
Backport of eeca9342381c8583be16f18942774e785ab7e527 from main.
2022-01-04[3.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security ↵Carlton Gibson
archive. Backport of 63869ab1f191ab5781cde8b813b838300455f6d6 from main
2022-01-04[3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage ↵Florian Apolloner
subsystem. Thanks to Dennis Brinkrolf for the report.
2022-01-04[3.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in ↵Florian Apolloner
dictsort template filter. Thanks to Dennis Brinkrolf for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04[3.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in ↵Florian Apolloner
UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2021-12-28[3.2.x] Added stub release notes for 3.2.11, and 2.2.26 releases.Carlton Gibson
Backport of b13d920b7b56d3e088e35311f5ee54f25d2779af from main.