chango.git - django

Age	Commit message (Collapse)	Author
13 days	Refs CVE-2026-6873 -- Moved deprecation note for ↵	Jacob Walls
	SIGNED_COOKIE_LEGACY_SALT_FALLBACK.
13 days	Refs #36593 -- Added missing deprecation note for select_related() with no ↵	Jacob Walls
	arguments.
13 days	Refs #36905 -- Added missing deprecation note for safe parameter of ↵	Jacob Walls
	JSONResponse.
2026-06-16	Fixed #37152 -- Raised ValueError when Bcc is used in EmailMessage headers.	diaxoaine
	Bcc addresses are sent via the SMTP envelope and must never appear in the message itself. A "Bcc" key in `extra_headers` was not excluded like From/To/Cc/Reply-To, so it leaked into the generated message as a visible header. Thanks Mike Edmunds for reviews.
2026-06-16	Fixed #36881 -- Corrected documentation for ModelAdmin.search_fields.	Amar

2026-06-16	Refs #37142 -- Removed docs for django.utils.warnings.django_file_prefixes().	Natalia
	This reverts docs changes from commit f970a98e464320c09dde8d45009eadfb4d038a57.
2026-06-16	Fixed #37157 -- Doc'd usage of sphinx-autobuild for documentation ↵	SnippyCodes
	auto-reloading.
2026-06-16	Fixed typo in section "Configuring email" in docs/topics/email.txt.	Mike Edmunds

2026-06-15	Fixed password hashing anchor link for references.	Tim Schilling

2026-06-15	Fixed #37128 -- Doc'd setUpTestData as test speed up.	Tim Schilling
	Revises the AnimalTestCase to better show test data isolation and avoid the opportunity to use setUpTestData.
2026-06-11	Fixed #37141 -- Added --using option to sendtestemail command.	NagaKartheekReddy

2026-06-11	Doc'd security standards in howto-release-django.txt.	Jacob Walls

2026-06-11	Fixed #37129 -- Clarified database cache culling behavior in docs.	VIZZARD-X

2026-06-11	Refs #24941 -- Doc'd get_exclude() in base features shared by InlineModelAdmin.	Jacob Walls

2026-06-11	Fixed #36837 -- Skipped backends not implementing (a)get_user() in ↵	Sezer BOZKIR
	(a)force_login(). Co-authored-by: Mykhailo Havelia <Arfey17.mg@gmail.com>
2026-06-10	Refs #37150 -- Synced docs/make.bat with docs/Makefile.	Mike Edmunds

2026-06-10	Fixed #37142 -- Moved django_file_prefixes() to django.utils.warnings.	zhengkangyang

2026-06-09	Removed obsolete Sphinx < 1.8 fallback in `VersionDirective` from djangodocs ↵	Natalia
	extension.
2026-06-09	Fixed #37150 -- Made djangodocs Sphinx extension work with any html builder.	Mike Edmunds
	Changed djangodocs extension to register DjangoHTMLTranslator for any html-format builder (in the builder-inited hook), rather than a limited list of builders at startup. That fixes missing content in dirhtml and standard html builds (including ReadTheDocs PR previews): - Missing console tabs - Empty divs for versionadded and versionchanged directives Removed JS code that depended on jQuery, which hasn't worked since Sphinx 6.0 dropped jQuery in 2023: - Unnecessary console tabs click handling. (Console tab behavior is implemented purely in CSS.) - Client-side hyperlinking of Django template tags and filters in code examples. (This is also not supported on docs.djangoproject.com.) Removed custom DjangoStandaloneHTMLBuilder and "djangohtml" builder type. Its sole purpose was to generate the "templatebuiltins.js" file used for the (non-functional) client-side template filter/tag linking. Changed docs "make html" target from "djangohtml" to standard "html".
2026-06-09	Fixed #37106 -- Clarified pylibmc workaround in unit test docs.	kikobarr

2026-06-08	Fixed #32785 -- Optimized cull frequency for DBCache.	eevelweezel

2026-06-05	Fixed #36984 -- Made inline formset error messages respect ↵	Karolis Ryselis
	delete_confirmation_max_display.
2026-06-03	Refs #36905 -- Moved JSONResponse safe param discussion to versionchanged box.	Jacob Walls
	Follow-up to 6e15ac8066312328de279e3e072667416c205bfc.
2026-06-03	Refs CVE-2026-6873 -- Defaulted SIGNED_COOKIE_LEGACY_SALT_FALLBACK ↵	Jacob Walls
	transitional setting to False.
2026-06-03	Fixed #34699 -- Added examples of database comparisons against ↵	wesley
	Extract()/Trunc().
2026-06-03	Added CVE-2026-6873, CVE-2026-7666, CVE-2026-8404, CVE-2026-35193, and ↵	Natalia
	CVE-2026-48587 to security archive.
2026-06-03	Added stub release notes for 6.0.7.	Natalia

2026-06-03	Fixed CVE-2026-48587 -- Ignored whitespace padding when checking Vary header ↵	Jake Howard
	values. Thanks to Navid Rezazadeh for the report and Jacob Walls for review.
2026-06-03	Fixed CVE-2026-35193 -- Varied on Authorization when caching non-public ↵	Jacob Walls
	responses. Thanks Shai Berger for the report, and Natalia Bidart and Sarah Boyce for reviews.
2026-06-03	Fixed CVE-2026-8404 -- Used Cache-Control directives case-insensitively in ↵	Jake Howard
	UpdateCacheMiddleware. Thanks Ahmed Badawe for the report, and Jacob Walls for reviews.
2026-06-03	Fixed CVE-2026-7666 -- Delayed setting SMTP connection until fully configured.	Jake Howard
	Thanks Kasper Dupont for the report, and Jacob Walls and Natalia Bidart for reviews.
2026-06-03	Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisions.	Paul McMillan
	Made signed cookies derive their signer namespace from an injective encoding of `(name, salt)` while preserving compatibility with legacy `name + salt` cookies behind SIGNED_COOKIE_LEGACY_SALT_FALLBACK. Thanks Peng Zhou for the report, and Shai Berger, Markus Holterman, Jake Howard, and Paul McMillan for reviews. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2026-06-01	Fixed #28800 -- Added a listurls management command.	Chris Rose
	Thanks JaeHyuck Sa, Jacob Walls, and Tim McCurrach for reviews. Co-authored-by: Ülgen Sarıkavak <ulgensrkvk@gmail.com>
2026-06-01	Fixed #37119 -- Clarified middleware ordering note for nonce access.	vishwa

2026-06-01	Fixed #37108 -- Made DjangoJSONEncoder consistently omit .000 microseconds.	Aaryan P

2026-05-29	Refs #35514 -- Improved docs for MAILERS setting and mailers migration guide.	Natalia
	Thanks Mike Edmunds for flagging these issues and for the review.
2026-05-27	Fixed #35596 -- Removed mention of unlimited results from QuerySet.get().	CodeQuiver
	Obsolete since 330638b89f14e1fb06e9d313ccc9768ae167c53f.
2026-05-27	Updated links to severity levels in release notes.	Jacob Walls

2026-05-27	Fixed #36905 -- Deprecated the safe parameter of JSONResponse.	Tim Harris
	Peer frameworks have long since dropped their analogous checks for this vulnerability that was fixed in ES5.
2026-05-27	Fixed #37065 -- Doc'd method_decorator usage on dispatch for async views.	Carlton Gibson

2026-05-27	Added stub release notes and release date for 6.0.6 and 5.2.15.	Natalia

2026-05-26	Removed version numbers from example tox -l output.	Jacob Walls

2026-05-26	Bumped versions in pre-commit and npm configurations.	Jacob Walls

2026-05-26	Refs #35514 -- Removed specific Django versions from outside deprecated blocks.	Natalia
	This follows the contributing guidelines that state: [...] Avoid referring to a specific version of Django outside a ``deprecated`` block. Even inside a block, it's often redundant to do so as these annotations render as "Deprecated since version A.B".
2026-05-26	Refs #35870 -- Moved deprecated notice at the bottom for USE_BLANK_CHOICE_DASH.	Natalia
	Also expended a bit on details for the setting so readers know what is it about.
2026-05-26	Fixed #37116 -- Explained why a code is useful in a ValidationError.	Arthur Vuillard

2026-05-25	Corrected indentation in topics/http/shortcuts.txt.	Mariusz Felisiak

2026-05-24	Added advancing deprecations to preparing for next release instructions.	Sarah Boyce

2026-05-24	Corrected code-block indenting in docs/internals/howto-release-django.txt.	Sarah Boyce

2026-05-20	Increased the default PBKDF2 iterations for Django 6.2.	Sarah Boyce