| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-04-23 | [5.1.x] Fixed #36341 -- Preserved whitespaces in wordwrap template filter. | Matti Pohjanvirta | |
| Regression in 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b. This work improves the django.utils.text.wrap() function to ensure that empty lines and lines with whitespace only are kept instead of being dropped. Thanks Matti Pohjanvirta for the report and fix. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of 1e9db35836d42a3c72f3d1015c2f302eb6fee046 from main. | |||
| 2025-03-06 | [5.1.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template ↵ | Sarah Boyce | |
| filter. Thanks sw0rd1ight for the report. Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main. | |||
| 2025-02-13 | [5.1.x] Fixed #36182 -- Returned "?" if all parameters are removed in ↵ | Sarah Boyce | |
| querystring template tag. Thank you to David Feeley for the report and Natalia Bidart for the review. Backport of 05002c153c5018e4429a326a6699c7c45e5ea957 from main. | |||
| 2024-09-03 | [5.1.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and ↵ | Sarah Boyce | |
| urlizetrunc template filters. Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. | |||
| 2024-08-26 | [5.1.x] Improved test coverage of urlize. | Sarah Boyce | |
| Backport of c6d1f98d2685f34e009e0fffdcff4ad275e55879 from main. | |||
| 2024-08-08 | [5.1.x] Fixed #35661 -- Fixed test_too_many_digits_to_rander() test crash on ↵ | Mariusz Felisiak | |
| PyPy. Thanks Michał Górny for the report. Backport of 7fb15ad5bcae05324ee8913e4b2c6c982e8f2de0 from main. | |||
| 2024-08-06 | [5.1.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in ↵ | Sarah Boyce | |
| floatformat. Thanks Elias Myllymäki for the report. Co-authored-by: Shai Berger <shai@platonix.com> | |||
| 2024-07-25 | [5.1.x] Added dedicated test for invalid inputs in floatformat template ↵ | nessita | |
| filter tests. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> Backport of 1b277b45cc4059760072095f3bd6e8a4e4c4d406 from main. | |||
| 2024-07-16 | [5.1.x] Refs #10941 -- Renamed test file test_query_string.py to ↵ | nessita | |
| test_querystring.py. This follows previous renames made in 27043bde5b795eb4a605aeca1d3bc4345d2ca478. Backport of 5dc17177c38662d6f4408258ee117cd80e0cb933 from main. | |||
| 2024-07-15 | [5.1.x] Refs #10941 -- Renamed query_string template tag to querystring. | Sarah Boyce | |
| Backport of 27043bde5b795eb4a605aeca1d3bc4345d2ca478 from main. | |||
| 2024-06-14 | [5.1.x] Fixed #35417 -- Updated BaseContext.new() with values to create a ↵ | George Y. Kussumoto | |
| context that can be flattened. Backport of 2a32b233822683c51e59722b7c9aa0789fc4ab1b from main. | |||
| 2024-04-24 | Fixed #35395 -- slice filter crashes on an empty dict with Python 3.12. | Tim Richardson | |
| Keep consistent behaviour of slice() filter between python 3.12 and prior versions in the case of a dict passed to the filter (catch the new to python 3.12 KeyError exception). | |||
| 2024-02-07 | Fixed #30686 -- Used Python HTMLParser in utils.text.Truncator. | David Smith | |
| 2024-02-07 | Refs #30686 -- Fixed text truncation for negative or zero lengths. | David Smith | |
| 2024-02-06 | Refs #30686 -- Improved test coverage of Truncator. | David Smith | |
| 2024-01-29 | Refs #35141 -- Corrected value of CACHE_MIDDLEWARE_SECONDS in ↵ | Alexander Lazarević | |
| CacheMiddlewareTest tests. | |||
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2023-12-31 | Used addCleanup() in tests where appropriate. | Mariusz Felisiak | |
| 2023-10-26 | Fixed #10941 -- Added {% query_string %} template tag. | Tom Carrick | |
| 2023-10-02 | Fixed #34883 -- Allowed template tags to set extra data on templates. | Carlton Gibson | |
| By setting a value in the `parser.extra_data` mapping, template tags pass additional data out of the parsing context. Any extra data set is exposed on the template via the matching `.extra_data` attribute. Library authors should use a key to namespace extra data. The 'django' namespace is reserved for internal use. | |||
| 2023-09-29 | Refs #15667 -- Added resetting default renderer when FORM_RENDERER is changed. | Mariusz Felisiak | |
| 2023-09-29 | Fixed #34878 -- Fixed autoreloader crash when FORM_RENDERER is set to ↵ | Dan Jacob | |
| TemplatesSetting. Regression in 439242c5943e16dd5a3a68fadac76e5e723eb323. | |||
| 2023-09-18 | Refs #33864 -- Removed length_is template filter per deprecation timeline. | Mariusz Felisiak | |
| 2023-08-22 | Removed unnecessary trailing commas in tests. | konsti | |
| 2023-08-09 | Fixed #34692 -- Made autoreloader reset cached template loader for default ↵ | priyank.panchal | |
| renderer. | |||
| 2023-07-12 | Refs #30116 -- Simplified tests related with dictionary order. | Mariusz Felisiak | |
| Dicts preserve order since Python 3.6. | |||
| 2023-05-22 | Fixed #34577 -- Added escapeseq template filter. | Arthur Moreira | |
| 2023-05-19 | Fixed #34578 -- Made "join" template filter respect autoescape for joiner. | rajeeshp | |
| 2023-04-26 | Fixed #34518 -- Fixed crash of random() template filter with an empty list. | David Sanders | |
| 2023-03-29 | Fixed #34427 -- Improved error message when context processor does not ↵ | David Sanders | |
| return a dict. | |||
| 2023-03-20 | Fixed some typos in comments, docstrings, and tests. | Liyang Zhang | |
| 2023-02-22 | Fixed #34363 -- Fixed floatformat crash on zero with trailing zeros. | Panagiotis H.M. Issaris | |
| Regression in 08c5a787262c1ae57f6517d4574b54a5fcaad124. Follow up to 4b066bde692078b194709d517b27e55defae787c. | |||
| 2023-02-01 | Refs #33476 -- Applied Black's 2023 stable style. | David Smith | |
| Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 | |||
| 2023-01-19 | Fixed #34272 -- Fixed floatformat crash on zero with trailing zeros to zero ↵ | David Wobrock | |
| decimal places. Regression in 08c5a787262c1ae57f6517d4574b54a5fcaad124. Thanks Andrii Lahuta for the report. | |||
| 2023-01-04 | Fixed #33879 -- Improved timesince handling of long intervals. | GianpaoloBranca | |
| 2022-11-04 | Fixed #27654 -- Propagated alters_data attribute to callables overridden in ↵ | LightDiscord | |
| subclasses. Thanks Shai Berger and Adam Johnson for reviews and the implementation idea. | |||
| 2022-10-24 | Fixed #34098 -- Fixed loss of precision for Decimal values in floatformat ↵ | Vlastimil Zíma | |
| filter. Regression in 12f7928f5a455e330c0a7f19bc86b37baca12811. | |||
| 2022-07-23 | Fixed #33864 -- Deprecated length_is template filter. | Nick Pope | |
| 2022-07-14 | Fixed #33631 -- Marked {% blocktranslate asvar %} result as HTML safe. | cheng | |
| 2022-05-31 | Fixed #33748 -- Fixed date template filter crash with lazy format. | Claude Paroz | |
| Regression in 659d2421c7adbbcd205604002d521d82d6b0b465. | |||
| 2022-05-25 | Normalized imports of functools.wraps. | Aymeric Augustin | |
| @wraps is 10 times more common than @functools.wraps. Standardize to the most common version. | |||
| 2022-05-20 | Fixed #33653 -- Fixed template crash when calling methods for built-in types ↵ | cheng | |
| without required arguments. Regression in 09341856ed9008875c1cc883dc0c287670131458. | |||
| 2022-04-11 | Fixed #33628 -- Ignored directories with empty names in autoreloader check ↵ | Manel Clos | |
| for template changes. Regression in 68357b2ca9e88c40fc00d848799813241be39129. | |||
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-02-03 | Fixed #33473 -- Fixed detecting changes by autoreloader in .py files inside ↵ | Hrushikesh Vaidya | |
| template directories. | |||
| 2022-02-03 | Refs #33476 -- Refactored problematic code before reformatting by Black. | Mariusz Felisiak | |
| In these cases Black produces unexpected results, e.g. def make_random_password( self, length=10, allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789', ): or cursor.execute(""" SELECT ... """, [table name], ) | |||
| 2022-02-01 | Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. | Markus Holtermann | |
| Thanks Keryn Knight for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2022-01-04 | Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort ↵ | Florian Apolloner | |
| template filter. Thanks to Dennis Brinkrolf for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2021-11-22 | Fixed #33302 -- Made element_id optional argument for json_script template ↵ | Baptiste Mispelon | |
| filter. Added versionchanged note in documentation | |||
