summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2019-08-01Added CVE-2019-14232 to the security release archive.Carlton Gibson
2019-08-01Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in ↵Florian Apolloner
django.utils.encoding.uri_to_iri(). Thanks to Guido Vranken for initial report.
2019-08-01Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index ↵Mariusz Felisiak
lookups against SQL injection. Thanks to Sage M. Abdullah for the report and initial patch. Thanks Florian Apolloner for reviews.
2019-08-01Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵Florian Apolloner
strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report.
2019-08-01Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when ↵Florian Apolloner
truncating HTML. Thanks to Guido Vranken for initial report.
2019-07-31Fixed #30665 -- Added support for distinct argument to Avg() and Sum().Étienne Beaulé
2019-07-31Fixed #30160 -- Added support for LZMA and XZ templates to ↵Nick Pope
startapp/startproject management commands.
2019-07-31Refs #30160 -- Doc'd startapp/startproject support for tarfile templates.Nick Pope
2019-07-31Refs #30160 -- Simplified archive extension map and added other aliases.Nick Pope
2019-07-29Fixed #30656 -- Added QuerySet.bulk_update() to the database optimization docs.daniel a rios
2019-07-29Refs #30656 -- Reorganized bulk methods in the database optimization docs.daniel a rios
2019-07-27Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when ↵Jon Dufresne
using attnames. Regression in 519016e5f25d7c0a040015724f9920581551cab0.
2019-07-25Added stub release notes for security releases.Carlton Gibson
2019-07-25Fixed #30657 -- Allowed customizing Field's descriptors with a ↵Jon Dufresne
descriptor_class attribute. Allows model fields to override the descriptor class used on the model instance attribute.
2019-07-24Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be ↵Tom Forbes
resolved.
2019-07-23Fixed typo in docs/topics/http/sessions.txt.terminator14
2019-07-23Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.Tom Forbes
2019-07-19Refs #30083 -- Added a warning about performing queries in pre/post_init ↵Mariusz Felisiak
receivers. Thanks Carlton Gibson the review.
2019-07-19Refs #30083 -- Clarified database state of instances in signals.pre_init docs.Mariusz Felisiak
2019-07-18Fixed #30648 -- Removed unnecessary overriding get_context_data() from ↵Davit Gachechiladze
mixins with CBVs docs.
2019-07-18Refs #30547 -- Clarified that partial UniqueConstraints don't affect model ↵Mariusz Felisiak
validation.
2019-07-16Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL.Mads Jensen
Thanks to Nick Pope and Mariusz Felisiak for review. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-07-16Refs #29824 -- Added RangeOperators helper class.Mads Jensen
2019-07-16Fixed heading level typo in docs/ref/contrib/postgres/fields.txt.Mariusz Felisiak
2019-07-16Updated WSGI servers ordering according to the more commonly used.Frank Wiles
2019-07-15Fixed explanation of how to automatically create tables in database.Frank Wiles
2019-07-11Doc'd --no-input option for createsuperuser.Hasan Ramezani
2019-07-10Updated Select2 to version 4.0.7.Johannes Hoppe
2019-07-10Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField ↵Mariusz Felisiak
when the right hand side is the same type. Thanks Tilman Koschnick for the report and initial patch. Thanks Carlton Gibson the review. Regression in 6b048b364ca1e0e56a0d3815bf2be33ac9998355.
2019-07-10Fixed #30628 -- Adjusted expression identity to differentiate bound fields.Simon Charette
Expressions referring to different bound fields should not be considered equal. Thanks Julien Enselme for the detailed report. Regression in bc7e288ca9554ac1a0a19941302dea19df1acd21.
2019-07-09Fixed typos in docs/ref/django-admin.txt.Mariusz Felisiak
2019-07-09Added stub release notes for 2.2.4.Mariusz Felisiak
2019-07-08Fixed #30397 -- Added app_label/class interpolation for names of indexes and ↵can
constraints.
2019-07-08Refs #29444 -- Added support for fetching a returned non-integer insert ↵Johannes Hoppe
values on Oracle. This is currently not actively used, since the ORM will ask the SQL compiler to only return auto fields.
2019-07-08Fixed #30620 -- Made an example of admin-compliant custom user app pep8 ↵Nuno
compliant.
2019-07-05Fixed #30613 -- Moved index name validation to system checks.can
2019-07-04Fixed #30600 -- Clarified that ValueError raised by converter.to_python() ↵sp1rs
means no match.
2019-07-04Fixed #28581 -- Moved django.core.paginator documentation to API Reference.luto
Co-Authored-By: Arman <armansabyrov@gmail.com>
2019-07-04Refs #28581 -- Doc's how to paginate a ListView.luto
2019-07-04Fixed #28667 -- Clarified how to override list of forms fields for custom ↵swatantra
UserAdmin with a custom user model.
2019-07-02Fixed #27801 -- Made createsuperuser fall back to environment variables for ↵Hasan Ramezani
password and required fields.
2019-07-02Fixed #28588 -- Doc'd User.has_perm() & co. behavior for active superusers.Carlton Gibson
Equivalent note for PermissionsMixin was added in d33864ed138f65070049a3ac20ee98e03a1442b9.
2019-07-02Fixed typos in comments and docs.Min ho Kim
2019-07-01Fixed #30589 -- Clarified that urlize should be applied only to email ↵aitoehigie
addresses without single quotes.
2019-07-01Added CVE-2019-12781 to the security release archive.Mariusz Felisiak
2019-07-01Added release date for 2.2.3.Mariusz Felisiak
2019-07-01Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵Carlton Gibson
SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review.
2019-07-01Added stub release notes for security releases.Mariusz Felisiak
2019-06-29Updated translations from TransifexClaude Paroz
Forward port of b3f7262e6e5d9e68e37fb21af89ed6656291faa3 from stable/2.2.x
2019-06-26Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() ↵nsasaki128
decorator.