summaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2022-09-27[4.0.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as ↵Adam Johnson
regular expressions. Thanks to Benjamin Balder Bach for the report.
2022-08-03[4.0.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header.Carlton Gibson
Thanks to Motoyasu Saburi for the report.
2022-08-03[4.0.x] Fixed warnings per flake8 5.0.0.Mariusz Felisiak
Backport of c18861804feb6a97afbeabb51be748dd60a04458 from main.
2022-07-05[4.0.x] Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ with ↵Mariusz Felisiak
MyISAM storage engine. Backport of 73766c118781a7f7052bf0a5fbee38b944964e31 from main
2022-07-04[4.0.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) ↵Mariusz Felisiak
against SQL injection. Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-07-01[4.0.x] Fixed GEOSTest.test_emptyCollections() on GEOS 3.8.0.Mariusz Felisiak
It's a regression in GEOS 3.8.0 fixed in GEOS 3.8.1. Backport of 863aa7541d30247e7eb7a973ff68a7d36f16dc02 from main
2022-06-21[4.0.x] Fixed CoveringIndexTests.test_covering_partial_index() when ↵Mariusz Felisiak
DEFAULT_INDEX_TABLESPACE is set. Backport of aa8b9279e40da343f5b91e5aec07f868184056f4 from main
2022-05-21[4.0.x] Fixed #33725 -- Made hidden quick filter in admin's navigation ↵Sankalp
sidebar not focusable. Regression in d915dd1c5809d7c2bb3679751cd5277571dcd9f7. Follow up to 780473d75625d014cbe9b0acdea40b7a5970d5d8. Backport of 90dcf271147693a8897f644c4c8943c5b73c02f8 from main.
2022-05-19[4.0.x] Fixed #33705 -- Fixed crash when using IsNull() lookup in filters.David Wobrock
Thanks Florian Apolloner for the report. Thanks Simon Charette for the review. Backport of 9f5548952906c6ea97200c016734b4f519520a64 from main
2022-05-16[4.0.x] Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a ↵Mariusz Felisiak
connection pool. Thanks Ben Picolo for the report. Backport of d27e6b233f83c3429f21ff3c250a28ff302637ef from main
2022-05-02[4.0.x] Removed 'tests' path prefix in a couple tests.Tim Graham
Backport of 694cf458f16b8d340a3195244196980b2dec34fd from main
2022-05-02[4.0.x] Refs #31026 -- Changed @jinja2_tests imports to be relative.Jacob Walls
Backport of 03a648811615cb623affc2d79dccd4b05919319e from main
2022-04-11[4.0.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) ↵Mariusz Felisiak
against SQL injection on PostgreSQL. Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.
2022-04-11[4.0.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), ↵Mariusz Felisiak
and extra() against SQL injection in column aliases. Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report. Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.
2022-04-11[4.0.x] Fixed #33628 -- Ignored directories with empty names in autoreloader ↵Manel Clos
check for template changes. Regression in 68357b2ca9e88c40fc00d848799813241be39129. Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main.
2022-03-30[4.0.x] Fixed #33598 -- Reverted "Removed unnecessary ↵Mariusz Felisiak
reuse_with_filtered_relation argument from Query methods." Thanks lind-marcus for the report. This reverts commit 0c71e0f9cfa714a22297ad31dd5613ee548db379. Regression in 0c71e0f9cfa714a22297ad31dd5613ee548db379. Backport of fac662f4798f7e4e0ed9be6b4fb4a87a80810a68 from main
2022-03-26[4.0.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."Mariusz Felisiak
This reverts commit 1d9d082acf6e152c06833bb9698f88d688b95e40. Backport of abfdb4d7f384fb06ed9b7ca37b548542df7b5dda from main
2022-03-25[4.0.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.Mariusz Felisiak
See https://github.com/pallets/jinja/pull/1621. Backport of 1d9d082acf6e152c06833bb9698f88d688b95e40 from main
2022-03-01[4.0.x] Fixed #33547 -- Fixed error when rendering invalid inlines with ↵Mariusz Felisiak
readonly fields in admin. Regression in de95c826673be9ea519acc86fd898631d1a11356. Thanks David Glenck for the report. Backport of 445b075def2c037b971518963b70ce13df5e88a2 from main
2022-02-16[4.0.x] Fixed #33515 -- Prevented recreation of migration for ↵Mariusz Felisiak
ManyToManyField to lowercased swappable setting. Thanks Chris Lee for the report. Regression in 43289707809c814a70f0db38ca4f82f35f43dbfd. Refs #23916. Backport of 1e2e1be02bdf0fe4add0d0279dbca1d74ae28ad7 from main
2022-02-08[4.0.x] Refs #33476 -- Refactored code to strictly match 88 characters line ↵Mariusz Felisiak
length. Backport of 7119f40c9881666b6f9b5cf7df09ee1d21cc8344 from main.
2022-02-08[4.0.x] Refs #33476 -- Reformatted code with Black.django-bot
Backport of 9c19aff7c7561e3a82978a272ecdaad40dda5c00 from main.
2022-02-08[4.0.x] Refs #33476 -- Changed quotation marks in ↵Mariusz Felisiak
DebugViewTests.test_template_exceptions(). This prevents a failure after reformatting the code with Black. Backport of f68fa8b45dfac545cfc4111d4e52804c86db68d3 from main
2022-02-03[4.0.x] Refs #33476 -- Refactored problematic code before reformatting by Black.Mariusz Felisiak
In these cases Black produces unexpected results, e.g. def make_random_password( self, length=10, allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789', ): or cursor.execute(""" SELECT ... """, [table name], ) Backport of c5cd8783825b5f6384417dac5f3889b4210b7d08 from main.
2022-02-01[4.0.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.Mariusz Felisiak
Thanks Alan Ryan for the report and initial patch. Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
2022-02-01[4.0.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.Markus Holtermann
Thanks Keryn Knight for the report. Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main. Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01[4.0.x] Fixed #33480 -- Fixed makemigrations crash when renaming field of ↵Kirill Safronov
renamed model. Regression in aa4acc164d1247c0de515c959f7b09648b57dc42. Backport of 97a72744681d0993b50dee952cf32cdf9650ad9f from main
2022-01-31[4.0.x] Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on ↵Mariusz Felisiak
aggregates with default. Thanks Adam Johnson for the report. Backport of 71e7c8e73712419626f1c2b6ec036e8559a2d667 from main
2022-01-27[4.0.x] Fixed #33462 -- Fixed migration crash when altering type of primary ↵Mariusz Felisiak
key with MTI and foreign key. This prevents duplicated operations when altering type of primary key with MTI and foreign key. Previously, a foreign key to the base model was added twice, once directly and once by the inheritance model. Thanks bcail for the report. Regression in 325d7710ce9f6155bb55610ad6b4580d31263557. Backport of e972620ada4f9ed7bc57f28e133e85c85b0a7b20 from main
2022-01-21[4.0.x] Fixed #33449 -- Fixed makemigrations crash on models without ↵Fabian Büchler
Meta.order_with_respect_to but with _order field. Regression in aa4acc164d1247c0de515c959f7b09648b57dc42. Backport of eeff1787b0aa23016e4844c0f537d5093a95a356 from main
2022-01-10[4.0.x] Fixed #33426 -- Fixed ResolverMatch.__repr_() for class-based views.Keryn Knight
Regression in 7c08f26bf0439c1ed593b51b51ad847f7e262bc1. Backport of f4b06a3cc1e54888ff86f36a1f9a3ddf21292314 from main
2022-01-08[4.0.x] Fixed #33425 -- Fixed view name for CBVs on technical 404 debug page.Keryn Knight
Regression in 0c0b87725bbcffca3bc3a7a2c649995695a5ae3b. Backport of 2a66c102d9c674fadab252a28d8def32a8b626ec from main
2022-01-07[4.0.x] Fixed #33419 -- Restored marking forms.Field.help_text as HTML safe.David
Regression in 456466d932830b096d39806e291fe23ec5ed38d5. Thanks Matt Westcott for the report. Backport of 4c60c3edff4312303e1021fca47ed52c2152d285 from main
2022-01-07[4.0.x] Fixed #33410 -- Fixed recursive capturing of callbacks by ↵Petter Friberg
TestCase.captureOnCommitCallbacks(). Regression in d89f976bddb49fb168334960acc8979c3de991fa. Backport of bc174e6ea0ce676c5a7f467bda9739e6ef6b6186 from main
2022-01-04[4.0.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage ↵Florian Apolloner
subsystem. Thanks to Dennis Brinkrolf for the report.
2022-01-04[4.0.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in ↵Florian Apolloner
dictsort template filter. Thanks to Dennis Brinkrolf for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04[4.0.x] Fixed CVE-2021-45115 -- Prevented DoS vector in ↵Florian Apolloner
UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2021-12-22[4.0.x] Refs #32355 -- Bumped required psycopg2 version to 2.8.4.Mariusz Felisiak
psycopg2 2.8.4 is the first release to support Python 3.8. Backport of ca04659b4b3f042c1bc7e557c25ed91e3c56c745 from main
2021-12-17[4.0.x] Fixed #33366 -- Fixed case handling with swappable setting detection ↵Simon Charette
in migrations autodetector. The migration framework uniquely identifies models by case insensitive labels composed of their app label and model names and so does the app registry in most of its methods (e.g. AppConfig.get_model) but it wasn't the case for get_swappable_settings_name() until this change. This likely slipped under the radar for so long and only regressed in b9df2b74b98b4d63933e8061d3cfc1f6f39eb747 because prior to the changes related to the usage of model states instead of rendered models in the auto-detector the exact value settings value was never going through a case folding hoop. Thanks Andrew Chen Wang for the report and Keryn Knight for the investigation. Backport of 43289707809c814a70f0db38ca4f82f35f43dbfd from main
2021-12-16[4.0.x] Fixed #33350 -- Reallowed using cache decorators with duck-typed ↵Mariusz Felisiak
HttpRequest. Regression in 3fd82a62415e748002435e7bad06b5017507777c. Thanks Terence Honles for the report. Backport of 40165eecc40f9e223702a41a0cb0958515bb1f82 from main
2021-12-14[4.0.x] Fixed #33361 -- Fixed Redis cache backend crash on booleans.Jeremy Lainé
Backport of 2f33217ea2cad688040dd6044cdda946c62e5b65 from main
2021-12-08[4.0.x] Fixed #33346 -- Fixed SimpleTestCase.assertFormsetError() crash on a ↵Baptiste Mispelon
formset named "form". Thanks OutOfFocus4 for the report. Regression in 456466d932830b096d39806e291fe23ec5ed38d5. Backport of cb383753c0e0eb52306e1024d32a782549c27e61 from main.
2021-12-07[4.0.x] Updated asgiref dependency for 4.0 release series.Mariusz Felisiak
Backport of 513441240f874dd0b6187c0c6aaa3e8eccd8ddbe from main
2021-12-07[4.0.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an ↵Florian Apolloner
upstream access control based on URL paths. Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports. Backport of d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6 from main.
2021-12-06[4.0.x] Updated translations from Transifex.Mariusz Felisiak
This also fixes related i18n tests. Co-authored-by: Claude Paroz <claude@2xlibre.net>
2021-12-06[4.0.x] Fixed #33335 -- Made model validation ignore functional unique ↵Hannes Ljungberg
constraints. Regression in 3aa545281e0c0f9fac93753e3769df9e0334dbaa. Thanks Hervé Le Roy for the report. Backport of 1eaf38fa87384fe26d1abf6e389d6df1600d4d8c from main
2021-12-04[4.0.x] Refs #33333 -- Fixed ↵Mariusz Felisiak
PickleabilityTestCase.test_annotation_with_callable_default() crash on Oracle. Grouping by LOBs is not allowed on Oracle. This moves a binary field to a separate model. Backport of d3a64bea51676fcf8a0ae593cf7b103939e12c87 from main
2021-12-03[4.0.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField ↵Mariusz Felisiak
on PostgreSQL. This makes models.BinaryField pickleable on PostgreSQL. Regression in 3cf80d3fcf7446afdde16a2be515c423f720e54d. Thanks Adam Zimmerman for the report. Backport of 2c7846d992ca512d36a73f518205015c88ed088c from main.
2021-11-12[4.0.x] Fixed #33279 -- Fixed handling time zones with "-" sign in names.Can Sarigol
Thanks yakimka for the report. Regression in fde9b7d35e4e185903cc14aa587ca870037941b1. Backport of 661316b066923493ff91d6d2aa92e463f595a6b1 from main.
2021-11-09[4.0.x] Refs #33263 -- Added warning to BaseDeleteView when delete() method ↵Mariusz Felisiak
is overridden. Follow up to 3a45fea0832c5910acee6e0d29f230f347a50462. Backport of 6bc437c0d82675ebe6aa92c8e249892205c316ef from main