summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2026-03-20Made it clear that unreviewed tickets shouldn't be claimed or started.Jake Howard
2026-03-19Fixed #36904 -- Clarified how to hide form field labels in docs.Amar
2026-03-19Refs #36795 -- Deprecated SQLCompiler.quote_name_unless_alias().Simon Charette
It has been superseded with .quote_name(), which ensures aliases are always quoted.
2026-03-19Refs #36795 -- Removed unnecessary prohibits_dollar_signs_in_column_aliases ↵Simon Charette
feature flag. Now that user provided aliases are systematically quoted there is no need to disallow the usage of the dollar sign on Postgres.
2026-03-19Fixed #36795 -- Enforced quoting of all database object names.Simon Charette
This ensures all database identifiers are quoted independently of their orign and most importantly that user provided aliases through annotate() and alias() which paves the way for dropping the allow list of characters such aliases can contain. This will require adjustments to raw SQL interfaces such as RawSQL that might make reference to ORM managed annotations as these will now be quoted. The `SQLCompiler.quote_name_unless_alias` method is kept for now as an alias for the newly introduced `.quote_name` method but will be duly deprecated in a follow up commit.
2026-03-16Combined scripts confirm_release.sh and test_new_version.sh into ↵Natalia
verify_release.sh. This reuses the same download for both artifacts and checks both GPG signature and minimal correctness in the same script. Docs and script do_django_release.py were updated.
2026-03-16Removed reference to spatialreference.org being a Django website.David Smith
spatialreference.org has been redesigned, possibly in 2023 [1], and no longer uses Django, see repo [2]. [1] https://spatialreference.org/about.html [2] https://github.com/OSGeo/spatialreference.org
2026-03-16Fixed #36859 -- Made assertContains and assertNotContains idempotent for ↵Baptiste Mispelon
streaming responses.
2026-03-16Corrected signature for EmailMessage.message() in email topics docs.Mike Edmunds
Fixed the EmailMessage.message() method signature in the docs to reinforce that the `policy` argument is keyword-only. (The text already describes it correctly as keyword-only.)
2026-03-16Fixed #36894 -- Added TypeError for conflicting arguments in mail APIs.Praful Gulani
A TypeError is now raised if fail_silently=True, auth_user, or auth_password are provided along a connection. Updated AdminEmailHandler in django.utils.log to remove redundant fail_silently=True. Thanks Mike Edmunds for the report and Jacob Tyler Walls for the review.
2026-03-15Fixed typo in docs/internals/contributing/accessibility.txt.dcsid
2026-03-14Fixed #35786 -- Removed outdated note about database defaults in ↵Ahmed Nassar
AddField/AlterField docs.
2026-03-12Fixed #36727 -- Deprecated Field.get_placeholder in favor of ↵Simon Charette
get_placeholder_sql. The lack of ability of the get_placeholder call chain to return SQL and parameters separated so they can be mogrified by the backend at execution time forced implementations to dangerously interpolate potentially user controlled values. The get_placeholder_sql name was chosen due to its proximity to the previous method, but other options such as Field.as_sql were considered but ultimately rejected due to its different input signature compared to Expression.as_sql that might have lead to confusion. There is a lot of overlap between what Field.get_db_prep_value and get_placeholder_sql do but folding the latter in the former would require changing its return signature to return expression which is a way more invasive change than what is proposed here. Given we always call get_db_prep_value it might still be an avenue worth exploring in the future to offer a publicly documented interface to allow field to take an active part in the compilation chain. Thanks Jacob for the review.
2026-03-12Discouraged automated AI reviews of pull requests.Natalia
Some contributors have been requesting Copilot reviews on pull requests submitted to the Django repository. These automated reviews add noise to the PR history, making it harder to follow the discussion, and Django does not incorporate them into its review process. This change discourages the practice by: - Adding a `copilot-instructions.md` file instructing Copilot to decline review requests in this repository. - Adding a checklist item to the PR template asking contributors not to request automated AI reviews for their PR. - Documenting the policy in the contributing guidelines.
2026-03-10Fixed #36391 -- Doc'd RawSQL usage in docs/topics/db/sql.txt.Amar
2026-03-09Fixed #36600 -- Clarified the use cases for dispatch_uid in signal connection.Amar
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2026-03-09Fixed #36293 -- Avoided buffering streaming responses in GZipMiddleware.farhan
This avoids latency and/or blocking. The example of streaming a CSV file was rewritten to employ batching for greater efficiency in all layers (db, HTTP, etc.). The improved performance from batching should outweigh the drag introduced by an additional byte for each flush. Co-authored-by: huoyinghui <huoyinghui@users.noreply.github.com>
2026-03-06Extended committing code docs to add detailed instructions for backports.Natalia
Thanks to Jacob Walls for the original idea and the review.
2026-03-06Extended checks and docs for proper commit message format and edition.Jacob Walls
Thanks to Tim Schilling for the review. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2026-03-04Fixed #21080 -- Ignored urls inside comments during collectstatic.James Bligh
Thanks Mariusz Felisiak for the review. Co-authored-by: Nathan Gaberel <nathan@gnab.fr>
2026-03-03Fixed #36887 -- Improved admin changelist layout for object-tools button.Jacob Walls
2026-03-03Refs #35859 -- Mentioned django-tasks and external resources on ↵Jake Howard
docs/topics/tasks.txt.
2026-03-03Fixed #20775 -- Clarified that SQL for text lookups varies per database.Lakshya
2026-03-03Added CVE-2026-25673 and CVE-2026-25674 to security archive.Natalia
2026-03-03Added stub release notes for 6.0.4.Natalia
2026-03-03Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions on file ↵Natalia
system object creation. This fix introduces `safe_makedirs()` in the `os` utils as a safer alternative to `os.makedirs()` that avoids umask-related race conditions in multi-threaded environments. This is a workaround for https://github.com/python/cpython/issues/86533 and the solution is based on the fix being proposed for CPython. Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Zackery Spytz <zspytz@gmail.com> Refs CVE-2020-24583 and #31921. Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and Shai Berger for reviews.
2026-03-03Fixed CVE-2026-25673 -- Simplified URLField scheme detection.Natalia
This simplicaftion mitigates a potential DoS in URLField on Windows. The usage of `urlsplit()` in `URLField.to_python()` was replaced with `str.partition(":")` for URL scheme detection. On Windows, `urlsplit()` performs Unicode normalization which is slow for certain characters, making `URLField` vulnerable to DoS via specially crafted POST payloads. Thanks Seokchan Yoon for the report, and Jake Howard and Shai Berger for the review. Refs #36923. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2026-03-02Fixed #36961 -- Fixed TypeError in deprecation warnings if Django is ↵Jacob Walls
imported by namespace.
2026-03-02Aligned docs checks between GitHub Actions and local development.Natalia
2026-02-27Fixed #27489 -- Renamed permissions upon model renaming in migrations.Artyom Kotovskiy
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2026-02-27Fixed #34643 -- Moved inputs beneath labels and errors in admin forms.antoliny0919
Thanks Sarah Boyce and Jacob Walls for reviews. Co-authored-by: Hrushikesh Vaidya <hrushikeshrv@gmail.com>
2026-02-26Adjusted default DoS severity level in Security Policy.Natalia
2026-02-25Fixed #36848 -- Mentioned BadRequest exception in docs/ref/views.txt.LincolnPuzey
2026-02-25Fixed #36951 -- Removed empty exc_info from log_task_finished signal handler.Elias Hernandis
Before, if no exception occurred, "None Type: None" was logged.
2026-02-25Fixed #36944 -- Removed MAX_LENGTH_HTML and related 5M chars limit ↵Natalia
references from HTML truncation docs.
2026-02-24Added stub release notes and release date for 6.0.3, 5.2.12, and 4.2.29.Natalia
2026-02-21Fixed #36899 -- Implemented SessionBase.__bool__.Amar
2026-02-20Fixed #36920 -- Fixed alignment of fieldset legends in wide admin forms.usman
Visual regression in 4187da258fe212d494cb578a0bc2b52c4979ab95.
2026-02-20Refs #36934, #35972 -- Forwardported release note for tolerating sequences ↵Jacob Walls
in BuiltinLookup.as_sql(). Instead of cherry-picking a larger changeset (787cc96ef6197d73c7d4ad96f25500910c399603) and removing changes unsuitable for a backport, a partial backport was applied directly to stable/6.0.x to resolve #36934, so the release note needs to be forwardported. Forwardport of f9b820f8ac50aad025949087e660a551691832e4 from stable/6.0.x.
2026-02-19Fixed #36929 -- Dropped support for GEOS 3.9.Pravin Kamble
Thanks David Smith for report and Tim Graham for review.
2026-02-18Refs #19221 -- Fixed outdated KEY_FUNCTION definition in docs/ref/settings.txt.Mike Edmunds
Replaced outdated version of `default_key_func` in settings reference with pointer to current version in cache topic. Rewrote description to match parameter order and behavior of default implementation. Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2026-02-16Fixed #36918 -- Removed double spaces and fixed minor grammar issues in docs.$ῗἧḡḥ𝐀丂𝓱м𝑒𝑒𝐓
Co-authored-by: Clifford Gama <cliffygamy@gmail.com>
2026-02-13Fixed #36857 -- Added QuerySet.totally_ordered property.VIZZARD-X
Thanks Simon Charette for the idea.
2026-02-10Fixed #36841 -- Made multipart parser class pluggable on HttpRequest.farhan
2026-02-10Fixed #36903 -- Fixed further NameErrors when inspecting functions with ↵93578237
deferred annotations. Provide a wrapper for safe introspection of user functions on Python 3.14+. Follow-up to 601914722956cc41f1f2c53972d669ddee6ffc04.
2026-02-10Added stub release notes for 5.2.12.Jacob Walls
2026-02-10Fixed #36890 -- Supported StringAgg(distinct=True) on SQLite with the ↵varunkasyap
default delimiter.
2026-02-10Fixed #34352 -- Unified terms in Signals docs.Hossam Hassan
2026-02-10Clarified optional nature of Contributor License Agreement.Jacob Walls
It's not clear that CLAs are needed to ensure contributors are assenting to our license (the "inbound=outbound" agreement), but we can keep them around for contributors who would like to (or are required by their employer) to submit one, without investing additional resources in checking every single contribution. See https://forum.djangoproject.com/t/cla-vs-dco-for-django-contributors/42399 and recent board minutes.
2026-02-10Refs #35444 -- Doc'd deprecation in ↵Jacob Walls
contrib.postgres.aggreggates.StringAgg.delimiter.