summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2023-02-01[4.0.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for ↵Nick Pope
Accept-Language. The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Accept-Language headers are now limited to a maximum length in order to avoid this issue.
2023-01-25[4.0.x] Adjusted release notes for 4.0.9, and 3.2.17.Carlton Gibson
Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main
2023-01-25[4.0.x] Added stub release notes for 4.0.9 and 3.2.17.Carlton Gibson
Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main
2022-12-29[4.0.x] Disabled auto-created table of contents entries on Sphinx 5.2+.Mariusz Felisiak
Auto-created table of contents entries for all domain objects (e.g. functions, classes, attributes, etc.) were added in Sphinx 5.2, see https://github.com/sphinx-doc/sphinx/issues/6316. An option to control new table of contents entries was added in Sphinx 5.2.3, see https://github.com/sphinx-doc/sphinx/pull/10886. Backport of 279967ec859a9a5240318cf29a077539b0e3139f from main
2022-10-29[4.0.x] Removed obsolete doc reference to asyncio.iscoroutinefunction.Nick Pope
Backport of 970f61fefb148284fb2af63b5cc844279254111a from main
2022-10-04[4.0.x] Added CVE-2022-36359 to security archive.Carlton Gibson
Backport of 93d4c9ea1de24eb391cb2b3561b6703fd46374df from main
2022-09-27[4.0.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as ↵Adam Johnson
regular expressions. Thanks to Benjamin Balder Bach for the report.
2022-09-27[4.0.x] Set date and added stub notes for 4.0.8 and 3.2.16 releases.Carlton Gibson
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main.
2022-08-03[4.0.x] Added CVE-2022-36359 to security archive.Carlton Gibson
Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
2022-08-03[4.0.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header.Carlton Gibson
Thanks to Motoyasu Saburi for the report.
2022-08-03[4.0.x] Adjusted version 4.0.7 release notes.Carlton Gibson
Backport of 9062c23de80e999009cbe4100d83e90dd0463612 from main
2022-07-27[4.0.x] Adjusted release notes for 4.0.7 and 3.2.15.Carlton Gibson
Backport of cadd864f6878c1c02a014589876ece166befdeb3 from main
2022-07-27[4.0.x] Added release date and stub release notes for 4.0.7 and 3.2.15 releases.Carlton Gibson
Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main
2022-07-26[4.0.x] Fixed #33820 -- Doc'd "true"/"false"/"null" caveat for JSONField key ↵Mariusz Felisiak
transforms on SQLite. Thanks Johnny Metz for the report. Regression in 71ec102b01fcc85acae3819426a4e02ef423b0fa. Backport of e20e5d1557785ba71e8ef0ceb8ccb85bdc13840a from main
2022-07-04[4.0.x] Added CVE-2022-34265 to security archive.Mariusz Felisiak
Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main
2022-07-04[4.0.x] Added stub release notes for 4.0.7.Mariusz Felisiak
Backport of c6932ea2ea7ec431245b9a343c72318bb758072f from main
2022-07-04[4.0.x] Updated man page for Django 4.0.6.Mariusz Felisiak
2022-07-04[4.0.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) ↵Mariusz Felisiak
against SQL injection. Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-07-02[4.0.x] Fixed typo in docs/topics/signals.txt.Aristotelis Mikropoulos
Backport of 5eb6a2b33d70b9889e1cafa12594ad6f80773d3a from main
2022-06-27[4.0.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+.Mariusz Felisiak
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set of nodes for which the text is checked. Backport of ac90529cc58507d9a07610809a795ec5fc3cbf8c from main.
2022-06-27[4.0.x] Added stub release notes and release date for 4.0.6 and 3.2.14.Mariusz Felisiak
Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main
2022-06-21[4.0.x] Fixed #33789 -- Doc'd changes in quoting table/column names on ↵Mariusz Felisiak
Oracle in Django 4.0. Thanks Paul in 't Hout for the report. Regression in 1f643c28b5f2b039c47155692844dbae1cb091cd. Backport of a0608c4b111555023c24ab7333a42ec53dca6b42 from main
2022-06-16[4.0.x] Updated OWASP Top 10 link in security topic.Grammy Jiang
Backport of ef9121f3e6f62060d2904fb1811dbe7d74834686 from main
2022-06-01[4.0.x] Added stub release notes for 4.0.6.Carlton Gibson
Backport of d5bc36203057627f6f7d0c6dc97b31adde6f4313 from main
2022-06-01[4.0.x] Updated release date for Django 4.0.5.Carlton Gibson
Backport of 40bf34a92fe5e876197df161e13eca3902b8878c from main
2022-06-01[4.0.x] Fixed #33753 -- Fixed docs build on Sphinx 5+.Mariusz Felisiak
Empty language is not supported anymore. Backport of 565ad5ace46aa1e2368450701cba45dd1a95a026 from main
2022-05-31[4.0.x] Bumped minimum Sphinx version to 4.5.0.Mariusz Felisiak
Related Sphinx changes: - https://github.com/sphinx-doc/sphinx/pull/8898 - https://github.com/sphinx-doc/sphinx/issues/8326 Backport of ebf25555bbed3e9112d4b726575d60b242daf48a from main
2022-05-25[4.0.x] Unified AdminSite imports in docs.Hasan Ramezani
Backport of ce69e34bd646558bb44ea92cecfd98b345a0b3e0 from main
2022-05-21[4.0.x] Fixed #33725 -- Made hidden quick filter in admin's navigation ↵Sankalp
sidebar not focusable. Regression in d915dd1c5809d7c2bb3679751cd5277571dcd9f7. Follow up to 780473d75625d014cbe9b0acdea40b7a5970d5d8. Backport of 90dcf271147693a8897f644c4c8943c5b73c02f8 from main.
2022-05-20[4.0.x] Fixed #33721 -- Added DE-9IM link in GEOS docs.Burak Kadir Er
Backport of 1be9585d73c50df733eb4d1484651bb8548a1205 from main
2022-05-19[4.0.x] Removed unnecessary semicolons in docs about performing raw SQL.Tom Sparrow
Backport of e89f9571352f42c7752b351ba1e651485e5e7c51 from main
2022-05-19[4.0.x] Fixed #33705 -- Fixed crash when using IsNull() lookup in filters.David Wobrock
Thanks Florian Apolloner for the report. Thanks Simon Charette for the review. Backport of 9f5548952906c6ea97200c016734b4f519520a64 from main
2022-05-16[4.0.x] Refs #33685 -- Doc'd that using PostgreSQL's service names for ↵Mariusz Felisiak
testing purposes is not supported. Backport of 647480166bfe7532e8c471fef0146e3a17e6c0c9 from main
2022-05-16[4.0.x] Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a ↵Mariusz Felisiak
connection pool. Thanks Ben Picolo for the report. Backport of d27e6b233f83c3429f21ff3c250a28ff302637ef from main
2022-05-06[4.0.x] Fixed #33680 -- Corrected example of customizing model loading in docs.Ali Toosi
Backport of faab9e6769b01c18d9e3a31504601452eede6150 from main
2022-05-03[4.0.x] Fixed #33658 -- Doc'd ModelChoiceField.blank attribute.Alokik Vijay
Thanks Mariusz Felisiak for reviewing. Backport of df22566748faa7bd16a9616617875e8370cbe4ee from main
2022-05-03[4.0.x] Updated release date for Django 4.0.5.Carlton Gibson
Backport of c5fd5e3cc3d767f5983d44b30df72a29c9c5de83 from main
2022-04-29[4.0.x] Refs #23435 -- Added note about GenericForeignKey indexes to docs.Steven DeMartini
Backport of 562e3bc09aa094a2ebbd3890fa233d04daafa8c9 from main
2022-04-28[4.0.x] Added backticks to code literals in various docs.David
Backport of 51874dd1605d0106c68e854572950d2b6f768fc1 from main.
2022-04-28[4.0.x] Changed "refactorings" to "refactoring" in docs/releases/1.0.txt.David
Backport of 15b888bb833ca2519a90d5eef71e221f192ea7e1 from main
2022-04-28[4.0.x] Changed "ie." to "i.e." in docs.David
Backport of 1c2bf80acb8c434a83a3d29d022dea586609f7b7 from main
2022-04-20[4.0.x] Refs #33646 -- Added example for async cross-thread connection access.Carlton Gibson
Backport of 6b53114dd862ec97c282fdfdc83579cbd6d1560d from main
2022-04-20[4.0.x] Added TiDB to list of third-party DB backends.Xiang Zhang
Backport of c8c6a51a3877c0afde4a85edd36ad308dc8909de from main
2022-04-19[4.0.x] Updated note about ListView pagination example in CBV docs.Theofilos Alexiou
Follow up to 0f0abc20be55d796ecfc3e7698e7ecfd9e9cdf88. Backport of 470708f50d8c13a50770893b8d7181f5218bf3ac from main
2022-04-19[4.0.x] Fixed #33644 -- Corrected FAQ about displaying ManyToManyField in ↵Dominik
list_filter. Backport of 7d26d5f8f17637a768f9d46e96547ae12e2418ae from main
2022-04-13[4.0.x] Updated bpo link to use redirect URI.Nick Pope
Mirrors the change made in python/cpython#32342. Backport of 62ffc9883afdc0a9f9674702661062508230d7bf from main
2022-04-11[4.0.x] Added stub release notes for 4.0.5.Mariusz Felisiak
Backport of b54fd0e36eaf8d9dd398a84a6748d60f25793788 from main
2022-04-11[4.0.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive.Mariusz Felisiak
Backport of 78eeff8d33ead67cfc8603477c95e70f8fbe096a from main
2022-04-11[4.0.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) ↵Mariusz Felisiak
against SQL injection on PostgreSQL. Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
2022-04-11[4.0.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), ↵Mariusz Felisiak
and extra() against SQL injection in column aliases. Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report. Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.