| Age | Commit message | Author | |
|---|---|---|---|
| 2022-04-11 | [2.2.x] Bumped version for 2.2.28 release. (tag: 2.2.28) | Mariusz Felisiak | |
| 2022-04-11 | [2.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. | Mariusz Felisiak | |
| Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main. | |||
| 2022-04-11 | [2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. | Mariusz Felisiak | |
| Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report. Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main. | |||
| 2022-04-04 | [2.2.x] Added stub release notes for 2.2.28. | Mariusz Felisiak | |
| Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main | |||
| 2022-03-26 | [2.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+." | Mariusz Felisiak | |
| This reverts commit 1d9d082acf6e152c06833bb9698f88d688b95e40. Backport of abfdb4d7f384fb06ed9b7ca37b548542df7b5dda from main | |||
| 2022-03-25 | [2.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+. | Mariusz Felisiak | |
| See https://github.com/pallets/jinja/pull/1621. Backport of 1d9d082acf6e152c06833bb9698f88d688b95e40 from main | |||
| 2022-02-02 | [2.2.x] Fixed typo in release notes. | David Smith | |
| Backport of 770d3e6a4ce8e0a91a9e27156036c1985e74d4a3 from main. | |||
| 2022-02-01 | [2.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. | Mariusz Felisiak | |
| Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main | |||
| 2022-02-01 | [2.2.x] Post-release version bump. | Mariusz Felisiak | |
| 2022-02-01 | [2.2.x] Bumped version for 2.2.27 release. (tag: 2.2.27) | Mariusz Felisiak | |
| 2022-02-01 | [2.2.x] Fixed CVE-2022-23833 -- Fixed DoS possibility in file uploads. | Mariusz Felisiak | |
| Thanks Alan Ryan for the report and initial patch. Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main. | |||
| 2022-02-01 | [2.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. | Markus Holtermann | |
| Thanks Keryn Knight for the report. Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2022-01-25 | [2.2.x] Added stub release notes 2.2.27. | Mariusz Felisiak | |
| Backport of eeca9342381c8583be16f18942774e785ab7e527 from main. | |||
| 2022-01-04 | [2.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. | Carlton Gibson | |
| Backport of 63869ab1f191ab5781cde8b813b838300455f6d6 from main | |||
| 2022-01-04 | [2.2.x] Post-release version bump. | Carlton Gibson | |
| 2022-01-04 | [2.2.x] Bumped version for 2.2.26 release. (tag: 2.2.26) | Carlton Gibson | |
| 2022-01-04 | [2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. | Florian Apolloner | |
| Thanks to Dennis Brinkrolf for the report. | |||
| 2022-01-04 | [2.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. | Florian Apolloner | |
| Thanks to Dennis Brinkrolf for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2022-01-04 | [2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. | Florian Apolloner | |
| Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2021-12-28 | [2.2.x] Added stub release notes for 2.2.26 release. | Carlton Gibson | |
| 2021-12-15 | [2.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. | Mariusz Felisiak | |
| Follow up to d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6. Backport of 5de12a369a7b2231e668e0460c551c504718dbf6 from main | |||
| 2021-12-07 | [2.2.x] Added CVE-2021-44420 to security archive. | Mariusz Felisiak | |
| Backport of 8747052411275d290b2152ffcb8dee11afbb82cd from main | |||
| 2021-12-07 | [2.2.x] Post-release version bump. | Mariusz Felisiak | |
| 2021-12-07 | [2.2.x] Bumped version for 2.2.25 release. (tag: 2.2.25) | Mariusz Felisiak | |
| 2021-12-07 | [2.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. | Florian Apolloner | |
| Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports. Backport of d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6 from main. | |||
| 2021-11-30 | [2.2.x] Added requirements.txt to files ignored by Sphinx builds. | Mariusz Felisiak | |
| Backport of 0cf2d48ba83543b16bdf390d941eb98e8d34f3bd from stable/3.2.x. | |||
| 2021-11-30 | [2.2.x] Added stub release notes for 2.2.25. | Mariusz Felisiak | |
| Backport of ae4077e13ea2e4c460c3f21b9aab93a696590851 from main. | |||
| 2021-11-18 | [2.2.x] Fixed crash building HTML docs since Sphinx 4.3. | Mariusz Felisiak | |
| See https://github.com/sphinx-doc/sphinx/commit/dd2ff3e911c751c06c81f494128fba56d8ecbafd. Backport of f0480ddd2d3cb04b784cf7ea697f792b45c689cc from main | |||
| 2021-11-18 | [2.2.x] Configured Read The Docs to build all formats. | Adam Johnson | |
| `all` acts as an alias for all formats ([docs](https://docs.readthedocs.io/en/stable/config-file/v2.html#formats)). Whilst there are only three formats right now, this would auto expand to other formats in the future, which seems desirable? Backport of 1fe23bdd29a8f2f6802c2038702ff7a5d0e21a0d from main | |||
| 2021-11-03 | [2.2.x] Refs #33247 -- Corrected configuration for Read The Docs. | Carlton Gibson | |
| This pins Sphinx version, because the default Sphinx version used by RTD is not compatible with Python 3.8+. This also sets Python 3.8 for RTD builds which is compatible with all current versions of Django. Thanks to Mariusz Felisiak for the suggestion. Backport of 447b6c866f0741bb68c92dc925a65fb15bfe7995 from main. | |||
| 2021-11-03 | [2.2.x] Fixed #33247 -- Added configuration for Read The Docs. | Carlton Gibson | |
| Co-authored-by: Andrew Neitsch <andrew@neitsch.ca> Backport of 0da7a2e9dab81b622a2000536c6a96de7f46e237 from main | |||
| 2021-11-03 | [2.2.x] Refs #32856 -- Clarified that psycopg2 < 2.9 is required. | Mariusz Felisiak | |
| Follow up to 837ffcfa681d0f65f444d881ee3d69aec23770be. | |||
| 2021-10-12 | [2.2.x] Added 'formatter' to spelling wordlist. | Mariusz Felisiak | |
| Backport of e43a131887e2a316d4fb829c3a272ef0cbbeea80 from main | |||
| 2021-09-02 | [2.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+. | Mariusz Felisiak | |
| Thanks Michał Górny for the report. Backport of 50ed545e2fa02c51e0d1559b83624f256e4b499b from main. | |||
| 2021-07-30 | [2.2.x] Refs #31676 -- Updated technical board description in organization docs. | Mariusz Felisiak | |
| According to DEP 0010. Backport of f2ed2211c26ba375390cb76725c95ae970a0fd1d from main. | |||
| 2021-07-30 | [2.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs. | Mariusz Felisiak | |
| According to DEP 0010. Backport of 228ec8e015bac9751c8aef3107358fbb2cb3301b from main | |||
| 2021-07-30 | [2.2.x] Refs #31676 -- Removed Core team from organization docs. | Mariusz Felisiak | |
| According to DEP 0010. Backport of caa2dd08c4722c8702588f5dfe1fa4c506aa66fc from main | |||
| 2021-07-13 | [2.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs. | Mariusz Felisiak | |
| Backport of 37e8367c359cd115f109d82f99ff32be219f4928 from main. | |||
| 2021-06-21 | [2.2.x] Refs #32856 -- Doc'd that psycopg2 < 2.9 is required. | Mariusz Felisiak | |
| 2021-06-02 | [2.2.x] Fixed docs header underlines in security archive. | Mariusz Felisiak | |
| Backport of d9cee3f5f2f90938d2c2c0230be40c7d50aef53d from main | |||
| 2021-06-02 | [2.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive. | Carlton Gibson | |
| Backport of a39f235ca4cb7370dba3a3dedeaab0106d27792f from main | |||
| 2021-06-02 | [2.2.x] Post-release version bump. | Carlton Gibson | |
| 2021-06-02 | [2.2.x] Bumped version for 2.2.24 release. (tag: 2.2.24) | Carlton Gibson | |
| 2021-06-02 | [2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses. | Mariusz Felisiak | |
| validate_ipv4_address() was affected only on Python < 3.9.5, see [1]. URLValidator() uses a regular expression and it was affected on all Python versions. [1] https://bugs.python.org/issue36384 | |||
| 2021-06-02 | [2.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. | Florian Apolloner | |
| 2021-06-02 | [2.2.x] Confirmed release date for Django 2.2.24. | Carlton Gibson | |
| Backport of f66ae7a2d5558fe88ddfe639a610573872be6628 from main. | |||
| 2021-05-26 | [2.2.x] Added stub release notes and date for Django 2.2.24. | Carlton Gibson | |
| Backport of b46dbd4e3e255223078ae0028934ea986e19ebc1 from main | |||
| 2021-05-20 | [2.2.x] Changed IRC references to Libera.Chat. | Mariusz Felisiak | |
| Backport of 66491f08fe86629fa25977bb3dddda06959f65e7 from main. | |||
| 2021-05-14 | [2.2.x] Refs #32718 -- Fixed file_storage.test_generate_filename and model_fields.test_filefield tests on Python 3.5. | Mariusz Felisiak | |
| 2021-05-13 | [2.2.x] Post-release version bump. | Mariusz Felisiak | |
