summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2021-06-02[3.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.Mariusz Felisiak
validate_ipv4_address() was affected only on Python < 3.9.5, see [1]. URLValidator() uses a regular expressions and it was affected on all Python versions. [1] https://bugs.python.org/issue36384
2021-06-02[3.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via ↵Florian Apolloner
admindocs' TemplateDetailView.
2021-06-02[3.2.x] Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24.Carlton Gibson
Backport of f66ae7a2d5558fe88ddfe639a610573872be6628 from main
2021-06-02[3.2.x] Fixed typo in docs/internals/contributing/writing-code/coding-style.txt.Jacob Walls
Backport of 1443b5e9aca56e249d751d6486c402b3679d3c38 from main
2021-06-01[3.2.x] Fixed #32793 -- Fixed loss of precision for temporal operations with ↵Mariusz Felisiak
DecimalFields on MySQL. Regression in 1e38f1191de21b6e96736f58df57dfb851a28c1f. Thanks Mohsen Tamiz for the report. Backport of e703b152c6148ddda1b072a4353e9a41dca87f90 from main
2021-05-27[3.2.x] Fixed typo in MiddlewareMixin deprecation note.Nick Pope
Backport of e513fb0e77baf2ebcbf2cbe366bdf0228d01119f from main.
2021-05-26[3.2.x] Fixed #32783 -- Fixed crash of autoreloader when __main__ module ↵Mariusz Felisiak
doesn't have __spec__ attribute. Regression in ec6d2531c59466924b645f314ac33f54470d7ac3. Thanks JonathanNickelson for the report. Backport of 12b19a1d76e1a6f80923c8358290d605dacd65d4 from main
2021-05-26[3.2.x] Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24.Carlton Gibson
Backport of b46dbd4e3e255223078ae0028934ea986e19ebc1 from main
2021-05-26[3.2.x] Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for ↵Hasan Ramezani
template changes. Backport of 68357b2ca9e88c40fc00d848799813241be39129 from main
2021-05-20[3.2.x] Changed IRC references to Libera.Chat.Mariusz Felisiak
Backport of 66491f08fe86629fa25977bb3dddda06959f65e7 from main.
2021-05-20[3.2.x] Fixed note about ISP caching in docs.Ben Sturmfels
Regression in 7aabd6238028f4bb78d0687bbccc97bcf634e28b. Backport of 31b6ce9ff938a0968f2e526f5d5e106fd17e3dfa from main
2021-05-20[3.2.x] Added note about culling in database cache backend docs.Mike Lissner
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Backport of 6e155d280dbe4bab171619654d8abc4b7f197e78 from main
2021-05-19[3.2.x] Doc'd that HttpRequest.path doesn't contain a query string.David D Lowe
Backport of fa4e963ee7e6876581b5432363603571839ba00c from main
2021-05-19[3.2.x] Fixed #32740 -- Caught possible exception when initializing colorama.Carlton Gibson
Backport of c2e6047c725e26987c87e2be59f2ab4bf9828fa5 from main
2021-05-19[3.2.x] Fixed typo in docs/ref/contrib/admin/index.txt.David Sanders
Backport of dacc307d9396516e7d3609b7b91e2ec545c84ebc from main
2021-05-18[3.2.x] Fixed #32747 -- Prevented initialization of unused caches.Mariusz Felisiak
Thanks Alexander Ebral for the report. Regression in 98e05ccde440cc9b768952cc10bc8285f4924e1f. Backport of 958cdf65ae90d26236d1815bbba804729595ec7a from main
2021-05-18[3.2.x] Fixed #32733 -- Skipped system check for specifying type of ↵Rust Saiargaliev
auto-created primary keys on abstract models. Regression in b5e12d490af3debca8c55ab3c1698189fdedbbdb. Backport of a24fed399ced6be2e9dce4cf28db00c3ee21a21c from main
2021-05-18[3.2.x] Fixed #32755 -- Corrected Model.get_absolute_url() example in docs.Girish Sontakke
Backport of 27d4573d35935bff83c28bfd68a2ce5a7a6c600a from main
2021-05-18[3.2.x] Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.Slava Skvortsov
Regression in ba31b0103442ac891fb3cb98f316781254e366c3. Backport of f7691d4812c578e696635718e67639d2e08eac40 from main
2021-05-17[3.2.x] Refs #32720 -- Updated various links in docs to avoid redirects and ↵Nick Pope
use HTTPS. Backport of c156e369553c75a30c78b8ed54a57b1101865105 from main
2021-05-17[3.2.x] Refs #32720 -- Fixed some broken links in docs.Nick Pope
Backport of 7c4ee487c7392a3a394caf62efad355fad639655 from main
2021-05-17[3.2.x] Refs #32720 -- Used full hashes in security archive.Nick Pope
Backport of 1c3bbcf802e661fc599365a097532ed3b362d16b from main
2021-05-17[3.2.x] Corrected commit hashes for security patches.Mariusz Felisiak
Backport of df5c96299ae30dcf8f152cc43c331fb34d39080e from main
2021-05-17[3.2.x] Refs #32720 -- Used :commit: and :source: role in old release notes.Nick Pope
Backport of 8c4caee76a5571c6c8050660a6a9fc30ece6678d from main
2021-05-13[3.2.x] Added stub release notes for Django 3.2.4.Mariusz Felisiak
Backport of 820408d842a07202a80e6ef7f7a57ec6258d88e6 from main
2021-05-13[3.2.x] Fixed #32718 -- Relaxed file name validation in FileField.Mariusz Felisiak
- Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3. Backport of b55699968fc9ee985384c64e37f6cc74a0a23683 from main
2021-05-13[3.2.x] Fixed #32717 -- Fixed filtering of querysets combined with the | ↵Simon Charette
operator. Address a long standing bug in a Where.add optimization to discard equal nodes that was surfaced by implementing equality for Lookup instances in bbf141bcdc31f1324048af9233583a523ac54c94. Thanks Shaheed Haque for the report. Backport of b81c7562fc33f50166d5120138d6398dc42b13c3 from main
2021-05-12[3.2.x] Fixed #26721 -- Doc'd setting UTF-8 on Windows.David Smith
Backport of 0456d3e42795481a186db05719300691fe2a1029 from main
2021-05-12[3.2.x] Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' ↵Nick Pope
connection options in MySQL backend. The 'db' and 'passwd' connection options have been deprecated, use 'database' and 'password' instead (available since mysqlclient >= 1.3.8). This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL. Backport of 1061f5243646b4c9b8a758f8a36c9e2ccdded1cf from main
2021-05-12[3.2.x] Refs #32366 -- Avoided use of datetime.utcnow() in the documentation.Nick Pope
Backport of 69ffb1acf38bd34f76707468bb592eb4b164e2da from main
2021-05-12[3.2.x] Fixed a typo in docs/ref/models/fields.txt.Nick Pope
datetime.date.utcnow() doesn't exist, should be .today(). Backport of 88b3982af396a7c2eca0db9c52dfa9830045cc19 from main
2021-05-12[3.2.x] Refs #32718 -- Corrected CVE-2021-31542 release notes.Mariusz Felisiak
Backport of d1f1417caed648db2f81a1ec28c47bf958c01958 from main
2021-05-06[3.2.x] Fixed typo in docs/internals/contributing/writing-documentation.txt.Nick Pope
Backport of c240ceea7d88c6a8058dcacb37356c93e0a3618f from main
2021-05-06[3.2.x] Added stub release notes for Django 3.2.3.Mariusz Felisiak
Backport of 29779075d7f5e1a8cfe0933661d5255e2d7d3cbd from main
2021-05-06[3.2.x] Added CVE-2021-32052 to security archive.Mariusz Felisiak
Backport of efebcc429f048493d6bc710399e65d98081eafd5 from main
2021-05-06[3.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs ↵Mariusz Felisiak
from being accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 Backport of e1e81aa1c4427411e3c68facdd761229ffea6f6f from main.
2021-05-05[3.2.x] Fixed #32714 -- Prevented recreation of migration for Meta.ordering ↵Simon Charette
with OrderBy expressions. Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd. Thanks Kevin Marsh for the report. Backport of 96f55ccf798c7592a1203f798a4dffaf173a9263 from main
2021-05-04[3.2.x] Added CVE-2021-31542 to security archive.Carlton Gibson
Backport of 607ebbfba915de2d84eb943aa93654f31817a709 and 62b2e8b37e37a313c63be40e3223ca4e830ebde3 from main
2021-05-04[3.2.x] Added stub release notes for Django 3.2.2.Carlton Gibson
Backport of 5a43cfe24533591a020ba4e730440bad81c478db from main
2021-05-04[3.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in ↵Florian Apolloner
file uploads.
2021-04-30[3.2.x] Added spelling option to make.bat.Susan Wright
Backport of 7582d913e7db7f32e4cdcfafc177aa77cbbf4332 from main
2021-04-29[3.2.x] Refs #32178 -- Doc'd ↵Hasan Ramezani
DatabaseFeatures.django_test_skips/django_test_expected_failures in contributing guide. Backport of ca34db46504fca1221e27f6ab13734dfdfde6e1c from main
2021-04-29[3.2.x] Refs #32674 -- Noted that auto-created through table PKs cannot be ↵Carlton Gibson
automatically migrated. Backport of 907d3a7ff4e12ad4ccc86af26a728007fe4d6fa2 from main
2021-04-29[3.2.x] Refs #32694 -- Clarified when colorama requirement is needed in ↵Carlton Gibson
Windows how-to. Backport of 4f128fcf5dd5099a5ea374a87cad64852a9b62dd from main
2021-04-28[3.2.x] Corrected introduction to range field lookups docs.Adam Johnson
Follow up to 24b9f5082344a127147266dd52d5d2dcd1c9cb44. Backport of 68e876c0953f882e54dddd49ef727f9e38e2d0d1 from main
2021-04-28[3.2.x] Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery ↵Simon Charette
deconstruction. Subquery deconstruction support required implementing complex and expensive equality rules for sql.Query objects for little benefit as the latter cannot themselves be made deconstructible to their reference to model classes. Making Expression @deconstructible and not BaseExpression allows interested parties to conform to the "expression" API even if they are not deconstructible as it's only a requirement for expressions allowed in Model fields and meta options (e.g. constraints, indexes). Thanks Phillip Cutter for the report. This also fixes a performance regression in bbf141bcdc31f1324048af9233583a523ac54c94. Backport of c8b659430556dca0b2fe27cf2ea0f8290dbafecd from main
2021-04-27[3.2.x] Fixed #32687 -- Restored passing process’ environment to ↵Konstantin Alekseev
underlying tool in dbshell on PostgreSQL. Regression in bbe6fbb8768e8fb1aecb96d51c049d7ceaf802d3. Backport of 6e742dabc95b00ba896434293556adeb4dbaee8a from main.
2021-04-27[3.2.x] Fixed #32682 -- Made admin changelist use Exists() instead of ↵Mariusz Felisiak
distinct() for preventing duplicates. Thanks Zain Patel for the report and Simon Charette for reviews. The exception introduced in 6307c3f1a123f5975c73b231e8ac4f115fd72c0d revealed a possible data loss issue in the admin. Backport of 187118203197801c6cb72dc8b06b714b23b6dd3d from main
2021-04-27[3.2.x] Refs #32682 -- Renamed use_distinct variable to may_have_duplicates.Mariusz Felisiak
QuerySet.distinct() is not the only way to avoid duplicate, it's also not preferred. Backport of cd74aad90e09865ae6cd8ca0377ef0a5008d14e9 from main
2021-04-26[3.2.x] Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin ↵Zain Patel
template. Regression in 84609b3205905097d7d3038d32e6101f012c0619. Backport of 4e5bbb6ef2287126badd32842b239f4a8a7394ca from main.