| Age | Commit message (Collapse) | Author |
|
|
|
|
|
BaseDatabaseSchemaEditor.alter_field().
Regression in f9a44cc0fac653f8e0c2ab1cdfb12b2cc5c63fc2.
Now that ManyToManyField is no longer concrete the decision of whether or not
it should be altered, which is also relied on by field renaming, should take
into consideration name changes even if it doesn't have a column associated
with it, as auto-created many-to-many relationship table names are a base of it.
Note that there is room for optimization here where a rename can be entirely
avoided if ManyToManyField.db_table remains stable between .name changes, just
like we do with Field.db_column remaining stable, but since this is a
regression and meant to be backported the current patch focuses on correctness
over further improvements.
Thanks Josik for the report.
Co-authored-by: Simon Charette <charette.s@gmail.com>
|
|
Clarified that the nulls_distinct argument is not supported, as opposed
to certain values for the argument.
Thanks Russell Owen for the report.
|
|
querystring template tag.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
migration test.
|
|
explicit grouping.
Co-authored-by: Simon Charette <charette.s@gmail.com>
|
|
(23.7+).
Thanks Jacob Walls for the review.
|
|
|
|
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
Only children at one level of depth need to be visited.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
This variable should only be set once. Under forkserver, this module
was getting executed multiple times, causing nested temporary dirs
that didn't clean up properly, raising FileNotFoundError.
This similar to #27890 although a slightly different cause.
|
|
incomplete entities.
|
|
values in Value.
Previously, only strings were supplied with an output_field when wrapping
direct value iterable elements in Value expressions for ExpressionList. This
caused problems for __in lookups on JSONField when using expressions
alongside direct values, as JSONField values can have different types which
need to be adapted by the field's get_db_prep_value().
Refs #36689.
Thanks Jacob Walls for the review.
|
|
|
|
Oracle.
Added a JSONIn lookup to handle correct serialization and extraction
for JSONField top-level __in queries on backends without native JSON
support. KeyTransformIn now subclasses JSONIn.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Thanks Jacob Walls for the report and review.
|
|
GeometryCollectionField.
|
|
Before, `context` and `content` were validated at compile time.
|
|
get_db_prep_save.
The validation in validate_autopk_value is specific to saving. Having it in
get_db_prep_value caused Value(0, AutoField()) to fail unexpectedly when used
in a filter on MySQL.
Thanks Jacob Walls for the review.
|
|
Thanks Sarah Boyce for the implementation idea.
|
|
This is also applicable on CockroachDB.
|
|
|
|
Refactored serialization logic to allow models inheriting a natural_key()
method (e.g. AbstractBaseUser) to explicitly opt out of natural key
serialization by returning an empty tuple from the method.
Thanks Jonas Dittrich for the report.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
|
|
serializer.
Previously, `getInnerText()` recursively used `list.extend()` on strings,
which added each character from child nodes as a separate list element.
On deeply nested XML content, this caused the overall deserialization
work to grow quadratically with input size, potentially allowing
disproportionate CPU consumption for crafted XML.
The fix separates collection of inner texts from joining them, so that
each subtree is joined only once, reducing the complexity to linear in
the size of the input. These changes also include a mitigation for a
xml.dom.minidom performance issue.
Thanks Seokchan Yoon (https://ch4n3.kr/) for report.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
column aliases on PostgreSQL.
Follow-up to CVE-2025-57833.
Thanks Stackered for the report, and Simon Charette and Mariusz Felisiak
for the reviews.
|
|
|
|
Ideally, this will be reverted when an upstream solution is available for
https://github.com/python/cpython/issues/141560.
Thanks Patrick Rauscher for the report and Augusto Pontes for the
first iteration and test.
|
|
|
|
Refs CVE-2025-64458.
The previous limit of 2048 characters reused the URLValidator constant
and proved too restrictive for legitimate redirects to some third-party
services. This change introduces a separate `MAX_URL_REDIRECT_LENGTH`
constant (defaulting to 16384) and uses it in HttpResponseRedirectBase.
Thanks Jacob Walls for report and review.
|
|
OverwritingStorageTests.test_save_overwrite_behavior_temp_file().
|
|
__num_dimensions lookup.
|
|
|
|
tests/auth_tests/test_handlers.py.
|
|
Regression in b8e5a8a9a2a767f584cbe89a878a42363706f939.
Refs #36404.
The replace_expressions method was innapropriately dealing with falsey
but not None source expressions causing them to also be potentially
evaluated when __bool__ was invoked (e.g. QuerySet.__bool__ evaluates
the queryset).
The changes introduced in b8e5a8a9a2, which were to deal with a similar
issue, surfaced the problem as aggregation over an annotated queryset
requires an inlining (or pushdown) of aggregate references which is
achieved through replace_expressions.
In cases where an empty Q object was provided as an aggregate filter,
such as when the admin facetting feature was used as reported, it would
wrongly be turned into None, instead of an empty WhereNode, causing a
crash at aggregate filter compilation.
Note that the crash signature differed depending on whether or not the
backend natively supports aggregate filtering
(supports_aggregate_filter_clause) as the fallback, which makes use
Case / When expressions, would result in a TypeError instead of a
NoneType AttributeError.
Thanks Rafael Urben for the report, Antoliny and Youngkwang Yang for
the triage.
|
|
feature flags.
Needed on MongoDB.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
GEOS 3.8 (released Oct-2019) will be more than 5 years old when
Django 6.1 is released (Aug-2026).
|
|
urlize().
This case was inadvertently fixed in ad94446fcc5b50401dd0c48718502d5d1b92df58.
|
|
unbounded decimal ranges.
Co-authored-by: Aman Sharma <210100011@iitb.ac.in>
|
|
|
|
Python 3.15 defaults suggest_on_error=True, but the feature is available
from 3.14, so this change opts in earlier. This change can be reverted
when Python 3.15 is the minimum supported version.
|
|
|
|
Co-authored-by: Karl Wooster <karl.wooster@alleima.com>
|
|
Thanks Mustafa Barakat for the report, Baptiste Mispelon for
the triage, and Jake Howard for the review.
|
|
Regression in 64b1ac7292c72d3551b2ad70b2a78c8fe4af3249.
|
|
Thanks Lily for the review.
|
|
|
|
|
|
Regression in 0b83c8cc4db95812f1e15ca19d78614e94cf38dd which added
support for running checks only against databases but also defaulted to
running against no databases if not specified.
Note that this continues to *not* default to runing database tagged
checks for all management commands except the migrate one as whether or
not we should change this must be discussed further.
Thanks Tim Graham for surfacing how this was a problematic default.
|
|
This was missed when Field.check(databases) was introduced.
|