summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
13 daysRefs CVE-2026-6873 -- Moved deprecation note for ↵Jacob Walls
SIGNED_COOKIE_LEGACY_SALT_FALLBACK.
13 daysRefs #36593 -- Added missing deprecation note for select_related() with no ↵Jacob Walls
arguments.
13 daysRefs #36905 -- Added missing deprecation note for safe parameter of ↵Jacob Walls
JSONResponse.
2026-06-16Fixed #37152 -- Raised ValueError when Bcc is used in EmailMessage headers.diaxoaine
Bcc addresses are sent via the SMTP envelope and must never appear in the message itself. A "Bcc" key in `extra_headers` was not excluded like From/To/Cc/Reply-To, so it leaked into the generated message as a visible header. Thanks Mike Edmunds for reviews.
2026-06-16Fixed #36881 -- Corrected documentation for ModelAdmin.search_fields.Amar
2026-06-16Refs #37142 -- Removed docs for django.utils.warnings.django_file_prefixes().Natalia
This reverts docs changes from commit f970a98e464320c09dde8d45009eadfb4d038a57.
2026-06-16Fixed #37157 -- Doc'd usage of sphinx-autobuild for documentation ↵SnippyCodes
auto-reloading.
2026-06-16Fixed typo in section "Configuring email" in docs/topics/email.txt.Mike Edmunds
2026-06-15Fixed password hashing anchor link for references.Tim Schilling
2026-06-15Fixed #37128 -- Doc'd setUpTestData as test speed up.Tim Schilling
Revises the AnimalTestCase to better show test data isolation and avoid the opportunity to use setUpTestData.
2026-06-11Fixed #37141 -- Added --using option to sendtestemail command.NagaKartheekReddy
2026-06-11Doc'd security standards in howto-release-django.txt.Jacob Walls
2026-06-11Fixed #37129 -- Clarified database cache culling behavior in docs.VIZZARD-X
2026-06-11Refs #24941 -- Doc'd get_exclude() in base features shared by InlineModelAdmin.Jacob Walls
2026-06-11Fixed #36837 -- Skipped backends not implementing (a)get_user() in ↵Sezer BOZKIR
(a)force_login(). Co-authored-by: Mykhailo Havelia <Arfey17.mg@gmail.com>
2026-06-10Refs #37150 -- Synced docs/make.bat with docs/Makefile.Mike Edmunds
2026-06-10Fixed #37142 -- Moved django_file_prefixes() to django.utils.warnings.zhengkangyang
2026-06-09Removed obsolete Sphinx < 1.8 fallback in `VersionDirective` from djangodocs ↵Natalia
extension.
2026-06-09Fixed #37150 -- Made djangodocs Sphinx extension work with any html builder.Mike Edmunds
Changed djangodocs extension to register DjangoHTMLTranslator for any html-format builder (in the builder-inited hook), rather than a limited list of builders at startup. That fixes missing content in dirhtml and standard html builds (including ReadTheDocs PR previews): - Missing console tabs - Empty divs for versionadded and versionchanged directives Removed JS code that depended on jQuery, which hasn't worked since Sphinx 6.0 dropped jQuery in 2023: - Unnecessary console tabs click handling. (Console tab behavior is implemented purely in CSS.) - Client-side hyperlinking of Django template tags and filters in code examples. (This is also not supported on docs.djangoproject.com.) Removed custom DjangoStandaloneHTMLBuilder and "djangohtml" builder type. Its sole purpose was to generate the "templatebuiltins.js" file used for the (non-functional) client-side template filter/tag linking. Changed docs "make html" target from "djangohtml" to standard "html".
2026-06-09Fixed #37106 -- Clarified pylibmc workaround in unit test docs.kikobarr
2026-06-08Fixed #32785 -- Optimized cull frequency for DBCache.eevelweezel
2026-06-05Fixed #36984 -- Made inline formset error messages respect ↵Karolis Ryselis
delete_confirmation_max_display.
2026-06-03Refs #36905 -- Moved JSONResponse safe param discussion to versionchanged box.Jacob Walls
Follow-up to 6e15ac8066312328de279e3e072667416c205bfc.
2026-06-03Refs CVE-2026-6873 -- Defaulted SIGNED_COOKIE_LEGACY_SALT_FALLBACK ↵Jacob Walls
transitional setting to False.
2026-06-03Fixed #34699 -- Added examples of database comparisons against ↵wesley
Extract()/Trunc().
2026-06-03Added CVE-2026-6873, CVE-2026-7666, CVE-2026-8404, CVE-2026-35193, and ↵Natalia
CVE-2026-48587 to security archive.
2026-06-03Added stub release notes for 6.0.7.Natalia
2026-06-03Fixed CVE-2026-48587 -- Ignored whitespace padding when checking Vary header ↵Jake Howard
values. Thanks to Navid Rezazadeh for the report and Jacob Walls for review.
2026-06-03Fixed CVE-2026-35193 -- Varied on Authorization when caching non-public ↵Jacob Walls
responses. Thanks Shai Berger for the report, and Natalia Bidart and Sarah Boyce for reviews.
2026-06-03Fixed CVE-2026-8404 -- Used Cache-Control directives case-insensitively in ↵Jake Howard
UpdateCacheMiddleware. Thanks Ahmed Badawe for the report, and Jacob Walls for reviews.
2026-06-03Fixed CVE-2026-7666 -- Delayed setting SMTP connection until fully configured.Jake Howard
Thanks Kasper Dupont for the report, and Jacob Walls and Natalia Bidart for reviews.
2026-06-03Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisions.Paul McMillan
Made signed cookies derive their signer namespace from an injective encoding of `(name, salt)` while preserving compatibility with legacy `name + salt` cookies behind SIGNED_COOKIE_LEGACY_SALT_FALLBACK. Thanks Peng Zhou for the report, and Shai Berger, Markus Holterman, Jake Howard, and Paul McMillan for reviews. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2026-06-01Fixed #28800 -- Added a listurls management command.Chris Rose
Thanks JaeHyuck Sa, Jacob Walls, and Tim McCurrach for reviews. Co-authored-by: Ülgen Sarıkavak <ulgensrkvk@gmail.com>
2026-06-01Fixed #37119 -- Clarified middleware ordering note for nonce access.vishwa
2026-06-01Fixed #37108 -- Made DjangoJSONEncoder consistently omit .000 microseconds.Aaryan P
2026-05-29Refs #35514 -- Improved docs for MAILERS setting and mailers migration guide.Natalia
Thanks Mike Edmunds for flagging these issues and for the review.
2026-05-27Fixed #35596 -- Removed mention of unlimited results from QuerySet.get().CodeQuiver
Obsolete since 330638b89f14e1fb06e9d313ccc9768ae167c53f.
2026-05-27Updated links to severity levels in release notes.Jacob Walls
2026-05-27Fixed #36905 -- Deprecated the safe parameter of JSONResponse.Tim Harris
Peer frameworks have long since dropped their analogous checks for this vulnerability that was fixed in ES5.
2026-05-27Fixed #37065 -- Doc'd method_decorator usage on dispatch for async views.Carlton Gibson
2026-05-27Added stub release notes and release date for 6.0.6 and 5.2.15.Natalia
2026-05-26Removed version numbers from example tox -l output.Jacob Walls
2026-05-26Bumped versions in pre-commit and npm configurations.Jacob Walls
2026-05-26Refs #35514 -- Removed specific Django versions from outside deprecated blocks.Natalia
This follows the contributing guidelines that state: [...] Avoid referring to a specific version of Django outside a ``deprecated`` block. Even inside a block, it's often redundant to do so as these annotations render as "Deprecated since version A.B".
2026-05-26Refs #35870 -- Moved deprecated notice at the bottom for USE_BLANK_CHOICE_DASH.Natalia
Also expended a bit on details for the setting so readers know what is it about.
2026-05-26Fixed #37116 -- Explained why a code is useful in a ValidationError.Arthur Vuillard
2026-05-25Corrected indentation in topics/http/shortcuts.txt.Mariusz Felisiak
2026-05-24Added advancing deprecations to preparing for next release instructions.Sarah Boyce
2026-05-24Corrected code-block indenting in docs/internals/howto-release-django.txt.Sarah Boyce
2026-05-20Increased the default PBKDF2 iterations for Django 6.2.Sarah Boyce