summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2024-08-12Fixed #35623 -- Documented that a field cannot be named 'check'.Mohammad Salehi
2024-08-12Fixed #35648 -- Raised NotImplementedError in SafeString.__add__ for ↵Matthias Kestenholz
non-string RHS. This change ensures SafeString addition operations handle non-string RHS properly, allowing them to implement __radd__ for better compatibility.
2024-08-12Fixed #35586 -- Added support for set-returning database functions.Devin Cox
Aggregation optimization didn't account for not referenced set-returning annotations on Postgres. Co-authored-by: Simon Charette <charette.s@gmail.com>
2024-08-12Fixed #35575 -- Added support for constraint validation on GeneratedFields.Mark Gensler
2024-08-12Refs #35591 -- Removed hardcoded "stable" version in runserver warning.Mariusz Felisiak
2024-08-09Fixed #35591 -- Added unsuitable for production console warning to runserver.Andrew Miller
2024-08-08Fixed #35622 -- Made unittest ignore Django assertions in traceback frames.Adam Johnson
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-08-08Doc'd that SessionMiddleware is required for the admin site.Jure Cuhalev
The system check "admin.E410" was already checking for this, but the requirement was not listed in docs/ref/contrib/admin/index.txt.
2024-08-08Refs #35591 -- Emphasized that runserver is not suitable for production.Andrew Miller
2024-08-08Refs #31405 -- Improved LoginRequiredMiddleware documentation.Adam Johnson
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-07Added stub release notes for 5.1.1.Natalia
2024-08-07Finalized release notes for Django 5.1.Natalia
2024-08-06Added CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005 to ↵Sarah Boyce
security archive.
2024-08-06Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks ↵Simon Charette
against JSON fields. Thanks Eyal (eyalgabay) for the report.
2024-08-06Fixed CVE-2024-41991 -- Prevented potential ReDoS in ↵Mariusz Felisiak
django.utils.html.urlize() and AdminURLFieldWidget. Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-06Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc ↵Sarah Boyce
template filters. Thanks to MProgrammer for the report.
2024-08-06Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.Sarah Boyce
Thanks Elias Myllymäki for the report. Co-authored-by: Shai Berger <shai@platonix.com>
2024-08-05Fixed #35657 -- Made FileField handle db_default values.Sarah Boyce
2024-08-05Fixed #35638 -- Updated validate_constraints to consider db_default.David Sanders
2024-08-05Used :pypi: role in docs where appropriate.Mariusz Felisiak
2024-08-05Fixed #35628 -- Allowed compatible GeneratedFields for ↵John Parton
ModelAdmin.date_hierarchy.
2024-08-05Refs #35380 -- Updated screenshots in admin docs.Natalia
2024-08-05Refs #35380 -- Updated screenshots in intro docs.Natalia
2024-08-05Refs #35537 -- Improved documentation and test coverage for email ↵Jake Howard
attachments and alternatives.
2024-08-02Refs #35601, Refs #35599 -- Made cosmetic edits to TelInput/ColorInput docs.Mariusz Felisiak
2024-08-02Fixed #35601 -- Added TelInput widget.lucasesposito
2024-08-02Fixed #35599 -- Added ColorInput widget.arjunomray
2024-08-01Fixed #35646 -- Extended SafeExceptionReporterFilter.hidden_settings to ↵Markus Holtermann
treat `AUTH` as a sensitive match. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-07-31Fixed #35598 -- Added SearchInput widget.Jeremy Thompson
2024-07-31Added stub release notes and release date for 5.0.8 and 4.2.15.Sarah Boyce
2024-07-29Fixed #35546 -- Emphasised accepted ticket requirement in contributing docs.Maryam Yusuf
2024-07-29Referenced joining the triage and review team as motivation to do PR reviews.Maryam Yusuf
2024-07-25Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in ↵Lorenzo Peña
get_supported_language_variant(). LocaleMiddleware didn't handle the ValueError raised by get_supported_language_variant() when language codes were over 500 characters. Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb.
2024-07-25Added contributor guidelines for performance optimizations.Sarah Boyce
2024-07-25Fixed #35625 -- Fixed a crash when adding a field with db_default and check ↵Simon Charette
constraint. This is the exact same issue as refs #30408 but for creating a model with a constraint containing % escapes instead of column addition. All of these issues stem from a lack of SQL and parameters separation from the BaseConstraint DDL generating methods preventing them from being mixed with other parts of the schema alteration logic that do make use of parametrization on some backends (e.g. Postgres, MySQL for DEFAULT). Prior to the addition of Field.db_default and GeneratedField in 5.0 parametrization of DDL was never exercised on model creation so this is effectively a bug with db_default as the GeneratedField case was addressed by refs #35336. Thanks Julien Chaumont for the report and Mariusz Felisiak for the review.
2024-07-24Fixed #35604, Refs #35326 -- Made FileSystemStorage.exists() behaviour ↵Sarah Boyce
independent from allow_overwrite. Partially reverts 0b33a3abc2ca7d68a24f6d0772bc2b9fa603744e. Storage.exists(name) was documented to "return False if the name is available for a new file." but return True if the file exists. This is ambiguous in the overwrite file case. It will now always return whether the file exists. Thank you to Natalia Bidart and Josh Schneier for the review.
2024-07-24Fixed #35541 -- Fixed paginator border in admin CSS.arjunomray
2024-07-24Updated asgiref dependency for 5.1 release series.Mariusz Felisiak
2024-07-23Updated example links in urlize docs.Matthew Somerville
goo.gl links are being removed in 2025: https://developers.googleblog.com/en/google-url-shortener-links-will-no-longer-be-available/
2024-07-22Refs #10941 -- Reorganized querystring template tag docs.nessita
2024-07-18Fixed #35606, Refs #34045 -- Fixed rendering of ModelAdmin.action_checkbox ↵Hisham Mahmood
for models with a __html__ method. Thank you Claude Paroz for the report. Regression in 85366fbca723c9b37d0ac9db1d44e3f1cb188db2.
2024-07-17Fixed #35594 -- Added unique nulls distinct validation for expressions.Simon Charette
Thanks Mark Gensler for the report.
2024-07-15Refs #10941 -- Renamed query_string template tag to querystring.Sarah Boyce
2024-07-15Fixed #35464 -- Updated docs to note fieldsets have limited impact on ↵Maryam Yusuf
TabularInlines.
2024-07-12Refs #35506 -- Reverted "global URLconf" to "root URLconf" in tutorial 1.Tim Graham
2024-07-09Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614 to ↵Natalia
security archive.
2024-07-09Added stub release notes for 5.0.8.Natalia
2024-07-09Made cosmetic edits to 5.0.7 release notes.Natalia
2024-07-09Fixed CVE-2024-39614 -- Mitigated potential DoS in ↵Sarah Boyce
get_supported_language_variant(). Language codes are now parsed with a maximum length limit of 500 chars. Thanks to MProgrammer for the report.
2024-07-09Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save ↵Natalia
method. Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah Boyce for the reviews.