| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-08-01 | Added CVE-2019-14232 to the security release archive. | Carlton Gibson | |
| 2019-08-01 | Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in ↵ | Florian Apolloner | |
| django.utils.encoding.uri_to_iri(). Thanks to Guido Vranken for initial report. | |||
| 2019-08-01 | Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index ↵ | Mariusz Felisiak | |
| lookups against SQL injection. Thanks to Sage M. Abdullah for the report and initial patch. Thanks Florian Apolloner for reviews. | |||
| 2019-08-01 | Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵ | Florian Apolloner | |
| strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report. | |||
| 2019-08-01 | Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when ↵ | Florian Apolloner | |
| truncating HTML. Thanks to Guido Vranken for initial report. | |||
| 2019-07-31 | Fixed #30665 -- Added support for distinct argument to Avg() and Sum(). | Étienne Beaulé | |
| 2019-07-31 | Fixed #30160 -- Added support for LZMA and XZ templates to ↵ | Nick Pope | |
| startapp/startproject management commands. | |||
| 2019-07-31 | Refs #30160 -- Doc'd startapp/startproject support for tarfile templates. | Nick Pope | |
| 2019-07-31 | Refs #30160 -- Simplified archive extension map and added other aliases. | Nick Pope | |
| 2019-07-29 | Fixed #30656 -- Added QuerySet.bulk_update() to the database optimization docs. | daniel a rios | |
| 2019-07-29 | Refs #30656 -- Reorganized bulk methods in the database optimization docs. | daniel a rios | |
| 2019-07-27 | Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when ↵ | Jon Dufresne | |
| using attnames. Regression in 519016e5f25d7c0a040015724f9920581551cab0. | |||
| 2019-07-25 | Added stub release notes for security releases. | Carlton Gibson | |
| 2019-07-25 | Fixed #30657 -- Allowed customizing Field's descriptors with a ↵ | Jon Dufresne | |
| descriptor_class attribute. Allows model fields to override the descriptor class used on the model instance attribute. | |||
| 2019-07-24 | Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be ↵ | Tom Forbes | |
| resolved. | |||
| 2019-07-23 | Fixed typo in docs/topics/http/sessions.txt. | terminator14 | |
| 2019-07-23 | Fixed #30506 -- Fixed crash of autoreloader when path contains null characters. | Tom Forbes | |
| 2019-07-19 | Refs #30083 -- Added a warning about performing queries in pre/post_init ↵ | Mariusz Felisiak | |
| receivers. Thanks Carlton Gibson the review. | |||
| 2019-07-19 | Refs #30083 -- Clarified database state of instances in signals.pre_init docs. | Mariusz Felisiak | |
| 2019-07-18 | Fixed #30648 -- Removed unnecessary overriding get_context_data() from ↵ | Davit Gachechiladze | |
| mixins with CBVs docs. | |||
| 2019-07-18 | Refs #30547 -- Clarified that partial UniqueConstraints don't affect model ↵ | Mariusz Felisiak | |
| validation. | |||
| 2019-07-16 | Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL. | Mads Jensen | |
| Thanks to Nick Pope and Mariusz Felisiak for review. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2019-07-16 | Refs #29824 -- Added RangeOperators helper class. | Mads Jensen | |
| 2019-07-16 | Fixed heading level typo in docs/ref/contrib/postgres/fields.txt. | Mariusz Felisiak | |
| 2019-07-16 | Updated WSGI servers ordering according to the more commonly used. | Frank Wiles | |
| 2019-07-15 | Fixed explanation of how to automatically create tables in database. | Frank Wiles | |
| 2019-07-11 | Doc'd --no-input option for createsuperuser. | Hasan Ramezani | |
| 2019-07-10 | Updated Select2 to version 4.0.7. | Johannes Hoppe | |
| 2019-07-10 | Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField ↵ | Mariusz Felisiak | |
| when the right hand side is the same type. Thanks Tilman Koschnick for the report and initial patch. Thanks Carlton Gibson the review. Regression in 6b048b364ca1e0e56a0d3815bf2be33ac9998355. | |||
| 2019-07-10 | Fixed #30628 -- Adjusted expression identity to differentiate bound fields. | Simon Charette | |
| Expressions referring to different bound fields should not be considered equal. Thanks Julien Enselme for the detailed report. Regression in bc7e288ca9554ac1a0a19941302dea19df1acd21. | |||
| 2019-07-09 | Fixed typos in docs/ref/django-admin.txt. | Mariusz Felisiak | |
| 2019-07-09 | Added stub release notes for 2.2.4. | Mariusz Felisiak | |
| 2019-07-08 | Fixed #30397 -- Added app_label/class interpolation for names of indexes and ↵ | can | |
| constraints. | |||
| 2019-07-08 | Refs #29444 -- Added support for fetching a returned non-integer insert ↵ | Johannes Hoppe | |
| values on Oracle. This is currently not actively used, since the ORM will ask the SQL compiler to only return auto fields. | |||
| 2019-07-08 | Fixed #30620 -- Made an example of admin-compliant custom user app pep8 ↵ | Nuno | |
| compliant. | |||
| 2019-07-05 | Fixed #30613 -- Moved index name validation to system checks. | can | |
| 2019-07-04 | Fixed #30600 -- Clarified that ValueError raised by converter.to_python() ↵ | sp1rs | |
| means no match. | |||
| 2019-07-04 | Fixed #28581 -- Moved django.core.paginator documentation to API Reference. | luto | |
| Co-Authored-By: Arman <armansabyrov@gmail.com> | |||
| 2019-07-04 | Refs #28581 -- Doc's how to paginate a ListView. | luto | |
| 2019-07-04 | Fixed #28667 -- Clarified how to override list of forms fields for custom ↵ | swatantra | |
| UserAdmin with a custom user model. | |||
| 2019-07-02 | Fixed #27801 -- Made createsuperuser fall back to environment variables for ↵ | Hasan Ramezani | |
| password and required fields. | |||
| 2019-07-02 | Fixed #28588 -- Doc'd User.has_perm() & co. behavior for active superusers. | Carlton Gibson | |
| Equivalent note for PermissionsMixin was added in d33864ed138f65070049a3ac20ee98e03a1442b9. | |||
| 2019-07-02 | Fixed typos in comments and docs. | Min ho Kim | |
| 2019-07-01 | Fixed #30589 -- Clarified that urlize should be applied only to email ↵ | aitoehigie | |
| addresses without single quotes. | |||
| 2019-07-01 | Added CVE-2019-12781 to the security release archive. | Mariusz Felisiak | |
| 2019-07-01 | Added release date for 2.2.3. | Mariusz Felisiak | |
| 2019-07-01 | Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵ | Carlton Gibson | |
| SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. | |||
| 2019-07-01 | Added stub release notes for security releases. | Mariusz Felisiak | |
| 2019-06-29 | Updated translations from Transifex | Claude Paroz | |
| Forward port of b3f7262e6e5d9e68e37fb21af89ed6656291faa3 from stable/2.2.x | |||
| 2019-06-26 | Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() ↵ | nsasaki128 | |
| decorator. | |||
