summaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2023-11-01[4.1.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.Mariusz Felisiak
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2023-10-04[4.1.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in ↵Natalia
django.utils.text.Truncator when truncating HTML text. Thanks Wenchao Li of Alibaba Group for the report.
2023-09-04[4.1.x] Fixed CVE-2023-41164 -- Fixed potential DoS in ↵Mariusz Felisiak
django.utils.encoding.uri_to_iri(). Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-08-28[4.1.x] Fixed warnings per flake8 6.1.0.Mariusz Felisiak
Backport of 22b0b73c7732ba67db4e69fd9fa75aad84c8e5c4 from main.
2023-07-03[4.1.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator ↵Mariusz Felisiak
and URLValidator. Thanks Seokchan Yoon for reports.
2023-05-04[4.1.x] Fixed MultipleFileFieldTest.test_file_multiple_validation() test if ↵Mariusz Felisiak
Pillow isn't installed. Follow up to fb4c55d9ec4bb812a7fb91fa20510d91645e411b. Backport of fcfbf08abe3e6dc54894df6988024f055abc6c40 from main
2023-05-03[4.1.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of ↵Mariusz Felisiak
validation when uploading multiple files using one form field. Thanks Moataz Al-Sharida and nawaik for reports. Co-authored-by: Shai Berger <shai@platonix.com> Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-04-07[4.1.x] Refs #34118 -- Fixed CustomChoicesTests.test_uuid_unsupported on ↵Mariusz Felisiak
Python 3.11.4+. https://github.com/python/cpython/commit/5342f5e713e0cc45b6f226d2d053a8cde1b4d68e Follow up to 38e63c9e61152682f3ff982c85a73793ab6d3267. Backport of 2eb1f37260f0e0b71ef3a77eb5522d2bb68d6489 from main
2023-03-08[4.1.x] Fixed #34384 -- Fixed session validation when rotation secret keys.David Wobrock
Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7. Thanks Eric Zarowny for the report. Backport of 2396933ca99c6bfb53bda9e53968760316646e01 from main
2023-02-14[4.1.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.Markus Holtermann
Thanks to Jakob Ackermann for the report.
2023-02-08[4.1.x] Fixed #34319 -- Fixed Model.validate_constraints() crash on ↵Mariusz Felisiak
ValidationError with no code. Thanks Mateusz Kurowski for the report. Regression in 667105877e6723c6985399803a364848891513cc. Backport of 2fd755b361d3da2cd0440fc9839feb2bb69b027b from main
2023-02-01[4.1.x] Refs #33476 -- Applied Black's 2023 stable style.David Smith
Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 Backport of 097e3a70c1481ee7b042b2edd91b2be86fb7b5b6 from main.
2023-02-01[4.1.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for ↵Nick Pope
Accept-Language. The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Accept-Language headers are now limited to a maximum length in order to avoid this issue.
2023-01-26[4.1.x] Fixed #34291 -- Fixed Meta.constraints validation crash on ↵Mariusz Felisiak
UniqueConstraint with ordered expressions. Thanks Dan F for the report. Bug in 667105877e6723c6985399803a364848891513cc. Backport of 2b1242abb3989f5d74e787b09132d01bcbee5b55 from main.
2023-01-12[4.1.x] Fixed thread termination in servers.tests.LiveServerPort on Python ↵Mariusz Felisiak
3.10.9+, 3.11.1+, and 3.12+. Class cleanups registered in TestCase subclasses are no longer called as TestCase.doClassCleanups() only cleans up the particular class, see https://github.com/python/cpython/commit/c2102136be569e6fc8ed90181f229b46d07142f8 Backport of d02a9f0cee84e3d23f676bdf2ab6aadbf4a5bfe8 from main
2022-12-10[4.1.x] Fixed #34205 -- Fixed Meta.constraints validation crash with ↵James Gillard
ArrayField and __len lookup. Regression in 88fc9e2826044110b7b22577a227f122fe9c1fb5 that began manifesting in Django 4.1. Backport of c5ed884eabf3b2b67581c55bf6c87e721f69157f from main.
2022-11-22[4.1.x] Fixed #34171 -- Fixed QuerySet.bulk_create() on fields with ↵DevilsAutumn
db_column in unique_fields/update_fields. Bug in 0f6946495a8ec955b471ca1baaf408ceb53d4796. Thanks Joshua Brooks for the report. Backport of 4035bab56f2862a25cd7bfba41a84e58672cb1cc from main
2022-11-22[4.1.x] Fixed #34177 -- Fixed QuerySet.bulk_create() crash on "pk" in ↵Mariusz Felisiak
unique_fields. Bug in 0f6946495a8ec955b471ca1baaf408ceb53d4796. Backport of 7d5329852f19c6ae78c6f6f3d3e41835377bf295 from main
2022-11-08[4.1.x] Fixed #34139 -- Fixed acreate(), aget_or_create(), and ↵Jon Janzen
aupdate_or_create() methods for related managers. Bug in 58b27e0dbb3d31ca1438790870b2b51ecdb10500. Backport of 7b94847e384b1a8c05a7d4c8778958c0290bdf9a from main
2022-11-08[4.1.x] Refs #33646 -- Moved tests of QuerySet async interface into async tests.Bhuvnesh
Backport of e580b891cb5ae31eb0571c88428afb9bf69e47f2 from main
2022-11-07[4.1.x] Fixed #34088 -- Fixed Sitemap.get_latest_lastmod() crash with empty ↵Daniel Ivanov
items. Bug in 480191244d12fefbf95854b2b117c71ffe44749a. Thanks Michal Čihař for the report. Backport of 5eab4d1924613a5506e517f157054b4852ae7dc2 from main
2022-11-04[4.1.x] Fixed #34138 -- Avoided table rebuild when adding inline m2m fields ↵Mariusz Felisiak
on SQLite. Regression in 2f73e5406d54cb8945e187eff302a3a3373350be. Thanks David Wobrock for the report. Backport of 7b0e9ea53ca99de2f485ec582f3a79be34b531d4 from main
2022-10-24[4.1.x] Fixed flaky test_ForeignKey_using_to_field test.Marcelo Galigniana
Backport of 1d6948096f6fe7aa887d651e01e9af8e4ef349a2 from main
2022-10-20[4.1.x] Skipped scrypt tests when OpenSSL 1.1+ is not installed.HieuPham9720
Backport of 3e928de8add92a5f38a562abd7560b023d24b6af from main
2022-10-20[4.1.x] Fixed #34085 -- Made management commands don't use black for ↵Carlton Gibson
non-Python files. Bug in d113b5a837f726d1c638d76c4e88445e6cd59fd5. Co-authored-by: programmylife <acmshar@gmail.com> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Backport of 5c2c7277d4554db34c585477b269bb1acfcbbe56 from main.
2022-10-04[4.1.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as ↵Adam Johnson
regular expressions. Thanks to Benjamin Balder Bach for the report.
2022-10-03[4.1.x] Refs #32987 -- Relaxed system check for template tag modules with ↵Mariusz Felisiak
the same name by turning into a warning. Thanks Claude Paroz for the report. Regression in 004b4620f6f4ad87261e149898940f2dcd5757ef. Backport of f71b0cf769d9ac582ee3d1a8c33d73dad3a770da from main
2022-10-01[4.1.x] Refs #34058 -- Fixed changing/deleting sequences when altering ↵Mariusz Felisiak
pre-Django 4.1 auto fields on PostgreSQL. Thanks Anders Kaseorg for the report. Follow up to 19e6efa50b603af325e7f62058364f278596758f. Regression in 2eea361eff58dd98c409c5227064b901f41bd0d6. Backport of bc3b8f152452ba0e41f28baa93c0bf8f39cddb09 from main
2022-09-30[4.1.x] Fixed #33984 -- Reverted "Fixed #32980 -- Made models cache related ↵Mariusz Felisiak
managers." This reverts 4f8c7fd9d91b35e2c2922de4bb50c8c8066cbbc6 and adds two regression tests: - test_related_manager_refresh(), and - test_create_copy_with_m2m(). Thanks joeli for the report. Backport of 5e0aa362d91d000984995ce374c2d7547d8d107f from main
2022-09-29[4.1.x] Fixed #34062 -- Updated View.http_method_not_allowed() to support async.Antoine Lorence
As with the options() methods, wrap the response in a coroutine if the view is async. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Backport of 9b0c9821ed4dd9920cc7c5e7b657720d91a89bdc from main
2022-09-29[4.1.x] Fixed #34058 -- Changed sequence types when altering pre-Django 4.1 ↵Mariusz Felisiak
auto fields on PostgreSQL. Thanks Anders Kaseorg for the report. Thanks Florian Apolloner for pair programming. Regression in 2eea361eff58dd98c409c5227064b901f41bd0d6. Backport of 19e6efa50b603af325e7f62058364f278596758f from main
2022-09-28[4.1.x] Refs #34010 -- Made --debug-mode work for parallel tests using spawn.Adam Johnson
Bug in 3b3f38b3b09b0f2373e51406ecb8c9c45d36aebc. Thanks Kevin Renskers for the report. Backport of 0f5b11eca0ba199501941fa244b276aaa10353c8 from main
2022-09-28[4.1.x] Fixed #34025 -- Fixed selecting ModelAdmin.autocomplete_fields after ↵David Sanders
adding/changing related instances via popups. Regression in c72f6f36c13a21f6db3d4f85d2d3cec87bad45e6. Thanks Alexandre da Silva for the report. Backport of 9976f3d4b80cfb2e6f4c998438622b78eb1ac53e from main
2022-09-18[4.1.x] Fixed #34016 -- Fixed QuerySet.values()/values_list() crash on ↵Alexander Kerkum
ArrayAgg() and JSONBAgg(). Regression in e06dc4571ea9fd5723c8029959b95808be9f8812. Backport of f88fc72da4eb76f2d464edb4874ef6046f8a8658 from main
2022-09-13[4.1.x] Fixed #33996 -- Fixed CheckConstraint validation on NULL values.David Sanders
Bug in 667105877e6723c6985399803a364848891513cc. Thanks James Beith for the report. Backport of e14d08cd894e9d91cb5d9f44ba7532c1a223f458 from main
2022-09-08[4.1.x] Fixed #33992 -- Fixed queryset crash when aggregating over a group ↵Simon Charette
containing Exists. A more in-depth solution is likely to make sure that we always GROUP BY selected annotations or revisit how we use Query.exists() in the Exists expression but that requires extra work that isn't suitable for a backport. Regression in e5a92d400acb4ca6a8e1375d1ab8121f2c7220be. Thanks Fernando Flores Villaça for the report. Backport of 32536b1324e98768dd892980408a8c6b26c23fd9 from main
2022-09-07[4.1.x] Fixed #33982 -- Fixed migrations crash when adding model with ↵James Beith
ExclusionConstraint. Regression in 0e656c02fe945389246f0c08f51c6db4a0849bd2. Backport of 19e838daa8872ee29fbea0bc471c2a6443f26835 from main
2022-09-01[4.1.x] Fixed #33955, Fixed #33971 -- Reverted "Fixed #32565 -- Moved ↵Mariusz Felisiak
internal URLResolver view-strings mapping to admindocs." This reverts commit 7f3cfaa12b28d15c0ca78bb692bfd6e59d17bff1. Thanks Tom Carrick and Greg Kaleka for reports. Backport of 974942a75039ba43e618f6a5ff95e08b5d5176fd from main
2022-08-29[4.1.x] Refs #33953 -- Fixed test_rename_model_with_db_table_rename_m2m() ↵Mariusz Felisiak
crash on SQLite < 3.20. Backport of a9e7beb959bc726eab1c192d2625d6ff6cfa70f4 from main
2022-08-27[4.1.x] Fixed #33952 -- Reallowed creating reverse foreign key managers on ↵David Wobrock
unsaved instances. Thanks Claude Paroz for the report. Regression in 7ba6ebe9149ae38257d70100e8bfbfd0da189862. Backport of 806e9e2d0dcf8f58e376fb7e2a8b9771e2a9ce16 from main
2022-08-26[4.1.x] Fixed #33953 -- Reverted "Fixed #33201 -- Made RenameModel operation ↵Iuri de Silvio
a noop for models with db_table." Regression in afeafd6036616bac8263d762c1610f22241c0187. This reverts afeafd6036616bac8263d762c1610f22241c0187. Thanks Timothy Thomas for the report. Backport of 166a3b32632c141541d1c3f0eff18e1d8b389404 from main
2022-08-25[4.1.x] Fixed #33938 -- Fixed migration crash for m2m with a through model ↵Simon Charette
in another app. Regression in aa4acc164d1247c0de515c959f7b09648b57dc42. Thanks bryangeplant for the report. Backport of 71902e0d9f93670c4f93ff9d66095b0e571be74b from main
2022-08-17[4.1.x] Fixed #33932 -- Fixed altering AutoFields to OneToOneField on ↵Benoît Vinot
PostgreSQL. Regression in 2eea361eff58dd98c409c5227064b901f41bd0d6. Backport of e3cb8bcb7d2a2d392e726ee1f7e32a8d9038e14c from main
2022-08-12[4.1.x] Fixed #33919 -- Fixed adding AutoFields on PostgreSQL.Mariusz Felisiak
Thanks Jack Calvin Brown for the report. Regression in 2eea361eff58dd98c409c5227064b901f41bd0d6. Backport of 5c803bc0702511c8bc05e9db600367a465514f82 from main
2022-08-09[4.1.x] Fixed #33905 -- Fixed CheckConstraint() validation on range fields.David Sanders
Bug in 667105877e6723c6985399803a364848891513cc. Backport of e0ae1363ec2aa71945be26f869cafd4181ccbc95 from main
2022-08-09[4.1.x] Fixed #33902 -- Fixed Meta.constraints validation crash with F() ↵Mariusz Felisiak
expressions. Thanks Adam Zahradník for the report. Bug in 667105877e6723c6985399803a364848891513cc. Backport of 63884829acd207404f2a5c3cc1d6b4cd0a822b70 from main
2022-08-08[4.1.x] Fixed #33899 -- Fixed migration crash when removing indexed field on ↵Fiza Ashraf
SQLite 3.35.5+. Regression in 702819227fd0cdd9b581cd99e11d1561d51cbeb. Thanks cessor for the report. Backport of c0beff21239e70cbdcc9597e5be09e505bb8f76c from main
2022-08-06[4.1.x] Fixed #33898 -- Fixed Window() expression crash with ArrayAgg().Mariusz Felisiak
Thanks Kia for the report. Regression in e06dc4571ea9fd5723c8029959b95808be9f8812. Backport of fd93db97c7228b16a4f92f97ef05b0d72418d952 from main
2022-08-05[4.1.x] Fixed #33893 -- Reverted "Fixed #28889 -- Prevented double ↵Fab
submission of admin forms." Regression in fe7dbef5867c577995f0fc849d8dfdb8f2e6bbfa. Backport of 0756c61f2ada56e4ae625589099c0141a77737eb from main
2022-08-04[4.1.x] Refs #33173, Refs #33755 -- Fixed ResourceWarning from unclosed ↵Carlton Gibson
files in ASGI tests. Backport of f476c8847a0bf1a4e20becfb3dc66f4da0dbf579 from main
generated by cgit v1.3 (git 2.53.0) at 2026-06-30 21:07:20 +0000