| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-04-23 | [4.2.x] Fixed #36341 -- Preserved whitespaces in wordwrap template filter. | Matti Pohjanvirta | |
| Regression in 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b. This work improves the django.utils.text.wrap() function to ensure that empty lines and lines with whitespace only are kept instead of being dropped. Thanks Matti Pohjanvirta for the report and fix. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of 1e9db35836d42a3c72f3d1015c2f302eb6fee046 from main. | |||
| 2025-03-06 | [4.2.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template ↵ | Sarah Boyce | |
| filter. Thanks sw0rd1ight for the report. Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main. | |||
| 2024-09-03 | [4.2.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and ↵ | Sarah Boyce | |
| urlizetrunc template filters. Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. | |||
| 2024-07-31 | [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in ↵ | Sarah Boyce | |
| floatformat. Thanks Elias Myllymäki for the report. Co-authored-by: Shai Berger <shai@platonix.com> | |||
| 2023-02-22 | [4.2.x] Fixed #34363 -- Fixed floatformat crash on zero with trailing zeros. | Panagiotis H.M. Issaris | |
| Regression in 08c5a787262c1ae57f6517d4574b54a5fcaad124. Follow up to 4b066bde692078b194709d517b27e55defae787c. Backport of dcd974698301a38081c141ccba6dcafa5ed2c80e from main | |||
| 2023-02-01 | [4.2.x] Refs #33476 -- Applied Black's 2023 stable style. | David Smith | |
| Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 Backport of 097e3a70c1481ee7b042b2edd91b2be86fb7b5b6 from main | |||
| 2023-01-19 | [4.2.x] Fixed #34272 -- Fixed floatformat crash on zero with trailing zeros ↵ | David Wobrock | |
| to zero decimal places. Regression in 08c5a787262c1ae57f6517d4574b54a5fcaad124. Thanks Andrii Lahuta for the report. Backport of 4b066bde692078b194709d517b27e55defae787c from main | |||
| 2023-01-04 | Fixed #33879 -- Improved timesince handling of long intervals. | GianpaoloBranca | |
| 2022-11-04 | Fixed #27654 -- Propagated alters_data attribute to callables overridden in ↵ | LightDiscord | |
| subclasses. Thanks Shai Berger and Adam Johnson for reviews and the implementation idea. | |||
| 2022-10-24 | Fixed #34098 -- Fixed loss of precision for Decimal values in floatformat ↵ | Vlastimil Zíma | |
| filter. Regression in 12f7928f5a455e330c0a7f19bc86b37baca12811. | |||
| 2022-07-23 | Fixed #33864 -- Deprecated length_is template filter. | Nick Pope | |
| 2022-07-14 | Fixed #33631 -- Marked {% blocktranslate asvar %} result as HTML safe. | cheng | |
| 2022-05-31 | Fixed #33748 -- Fixed date template filter crash with lazy format. | Claude Paroz | |
| Regression in 659d2421c7adbbcd205604002d521d82d6b0b465. | |||
| 2022-05-25 | Normalized imports of functools.wraps. | Aymeric Augustin | |
| @wraps is 10 times more common than @functools.wraps. Standardize to the most common version. | |||
| 2022-05-20 | Fixed #33653 -- Fixed template crash when calling methods for built-in types ↵ | cheng | |
| without required arguments. Regression in 09341856ed9008875c1cc883dc0c287670131458. | |||
| 2022-04-11 | Fixed #33628 -- Ignored directories with empty names in autoreloader check ↵ | Manel Clos | |
| for template changes. Regression in 68357b2ca9e88c40fc00d848799813241be39129. | |||
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-02-03 | Fixed #33473 -- Fixed detecting changes by autoreloader in .py files inside ↵ | Hrushikesh Vaidya | |
| template directories. | |||
| 2022-02-03 | Refs #33476 -- Refactored problematic code before reformatting by Black. | Mariusz Felisiak | |
| In these cases Black produces unexpected results, e.g. def make_random_password( self, length=10, allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789', ): or cursor.execute(""" SELECT ... """, [table name], ) | |||
| 2022-02-01 | Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. | Markus Holtermann | |
| Thanks Keryn Knight for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2022-01-04 | Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort ↵ | Florian Apolloner | |
| template filter. Thanks to Dennis Brinkrolf for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2021-11-22 | Fixed #33302 -- Made element_id optional argument for json_script template ↵ | Baptiste Mispelon | |
| filter. Added versionchanged note in documentation | |||
| 2021-09-14 | Fixed #32873 -- Deprecated settings.USE_L10N. | Claude Paroz | |
| Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-09-08 | Fixed #30086, Refs #32873 -- Made floatformat template filter independent of ↵ | Mariusz Felisiak | |
| USE_L10N. | |||
| 2021-08-19 | Fixed #33036 -- Made simple_tag()/inclusion_tag() with takes_context raise ↵ | Matt Westcott | |
| TemplateSyntaxError when function has no parameters. | |||
| 2021-08-09 | Refs #33002 -- Added DebugLexer/Lexer.tokenize() test for trailing text token. | Mariusz Felisiak | |
| 2021-08-09 | Refs #33002 -- Made template_tests.tests.py's tests test both Lexer and ↵ | Chris Jerdonek | |
| DebugLexer. | |||
| 2021-08-09 | Refs #32990 -- Added tests for DebugLexer/Lexer.tokenize(). | Greg Twohig | |
| 2021-08-02 | Added test for TemplateSyntaxError when variables begin with underscores. | Mariusz Felisiak | |
| 2021-08-02 | Refs #32956 -- Corrected spelling of "gray". | David Smith | |
| 2021-07-27 | Refs #32956 -- Changed "afterwards" to "afterward" in docs and comments. | David Smith | |
| This also removes unnecessary comments with the previous spelling. AP Stylebook has a short entry to advise the preferred spelling for "en-us". "Afterwards" is preferred in British English. | |||
| 2021-07-02 | Fixed #28935 -- Fixed display of errors in extended blocks. | cammil | |
| Get the template that caused the exception and get the exception info from that template, using the node that caused the exception. | |||
| 2021-06-11 | Fixed #32824 -- Improved performance of NodeList.render(). | Keryn Knight | |
| This avoids the following: - checking that each item in the nodelist is a subclass of Node, - calling str() on the render_annotated() output, because it's documented that Node.render() must return a string, - calling mark_safe() on the output, when the value to be wrapped is definitively known to be a string because the result of ''.join() is always of that type, - using an intermediate list to store each individual string. | |||
| 2021-06-10 | Refs #24121 -- Added __repr__() to AdminForm, BlockContext, ↵ | saeedblanchette | |
| BlockTranslateNode, and IncludeNode. | |||
| 2021-06-01 | Refs #24121 -- Added __repr__() to Engine | abhiabhi94 | |
| 2021-05-26 | Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for ↵ | Hasan Ramezani | |
| template changes. | |||
| 2021-05-12 | Refs #24121 -- Added__repr__() to StaticNode. | saeedblanchette | |
| 2021-03-17 | Refs #24121 -- Added __repr__() to Origin and Template. | Tiago Honorato | |
| 2021-03-02 | Refs #21429 -- Added SimpleTestCase.assertNoLogs() on Python < 3.10. | François Freitag | |
| 2021-03-02 | Refs #24121 -- Added __repr__() to URLNode. | Rohith PR | |
| 2021-02-26 | Refs #24121 -- Added __repr__() to FilterExpression, Lexer, Parser, and Token. | David Smith | |
| 2021-02-06 | Refs #32394 -- Changed STATIC_URL/MEDIA_URL to relative paths in tests and ↵ | Markus Holtermann | |
| docs where appropriate. | |||
| 2021-01-27 | Fixed #32290 -- Fixed TemplateNotFound in {% include %} tag for relative ↵ | Hasan Ramezani | |
| path in variable. | |||
| 2021-01-27 | Refs #32290 -- Added {% extends %} test for relative path in variable. | Hasan Ramezani | |
| 2021-01-14 | Refs #25236 -- Removed {% ifequal %} and {% ifnotequal %} template tags per ↵ | Mariusz Felisiak | |
| deprecation timeline. | |||
| 2020-12-21 | Fixed #32208 -- Allowed adding lazy() objects. | Hasan Ramezani | |
| Co-authored-by: Claude Paroz <claude@2xlibre.net> | |||
| 2020-11-21 | Refs #15053 -- Clarified debug message when skipping templates to avoid ↵ | Daniel Hahler | |
| recursion. | |||
| 2020-11-13 | Changed docs and a code comment to use gender-neutral pronouns. | Nick Pope | |
| Follow up to e1b77238171cc96f4451a06fb4682e2378896238. | |||
| 2020-11-05 | Fixed #25791 -- Implement autoreload behaviour for cached template loader. | Tom Forbes | |
