django.git - django

Age	Commit message (Collapse)	Author
2022-02-01	[3.2.x] Bumped version for 3.2.12 release.3.2.12	Mariusz Felisiak

2022-02-01	[3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.	Mariusz Felisiak
	Thanks Alan Ryan for the report and initial patch. Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
2022-02-01	[3.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.	Markus Holtermann
	Thanks Keryn Knight for the report. Backport of 394517f07886495efcf79f95c7ee402a9437bd68 from main. Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-25	[3.2.x] Added stub release notes for 3.2.12 and 2.2.27.	Mariusz Felisiak
	Backport of eeca9342381c8583be16f18942774e785ab7e527 from main.
2022-01-04	[3.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security ↵	Carlton Gibson
	archive. Backport of 63869ab1f191ab5781cde8b813b838300455f6d6 from main
2022-01-04	[3.2.x] Post-release version bump.	Carlton Gibson

2022-01-04	[3.2.x] Bumped version for 3.2.11 release.3.2.11	Carlton Gibson

2022-01-04	[3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage ↵	Florian Apolloner
	subsystem. Thanks to Dennis Brinkrolf for the report.
2022-01-04	[3.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in ↵	Florian Apolloner
	dictsort template filter. Thanks to Dennis Brinkrolf for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04	[3.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in ↵	Florian Apolloner
	UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2021-12-28	[3.2.x] Added stub release notes for 3.2.11, and 2.2.26 releases.	Carlton Gibson
	Backport of b13d920b7b56d3e088e35311f5ee54f25d2779af from main.
2021-12-15	[3.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in ↵	Mariusz Felisiak
	Django 2.2.25, 3.1.14, and 3.2.10. Follow up to d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6. Backport of 5de12a369a7b2231e668e0460c551c504718dbf6 from main
2021-12-07	[3.2.x] Added CVE-2021-44420 to security archive.	Mariusz Felisiak
	Backport of 8747052411275d290b2152ffcb8dee11afbb82cd from main
2021-12-07	[3.2.x] Post-release version bump.	Mariusz Felisiak

2021-12-07	[3.2.x] Bumped version for 3.2.10 release.3.2.10	Mariusz Felisiak

2021-12-07	[3.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an ↵	Florian Apolloner
	upstream access control based on URL paths. Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports. Backport of d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6 from main.
2021-12-04	[3.2.x] Refs #33333 -- Fixed ↵	Mariusz Felisiak
	PickleabilityTestCase.test_annotation_with_callable_default() crash on Oracle. Grouping by LOBs is not allowed on Oracle. This moves a binary field to a separate model. Backport of d3a64bea51676fcf8a0ae593cf7b103939e12c87 from main
2021-12-03	[3.2.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField ↵	Mariusz Felisiak
	on PostgreSQL. This makes models.BinaryField pickleable on PostgreSQL. Regression in 3cf80d3fcf7446afdde16a2be515c423f720e54d. Thanks Adam Zimmerman for the report. Backport of 2c7846d992ca512d36a73f518205015c88ed088c from main.
2021-11-30	[3.2.x] Added requirements.txt to files ignored by Sphinx builds.	Mariusz Felisiak

2021-11-30	[3.2.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25.	Mariusz Felisiak
	Backport of ae4077e13ea2e4c460c3f21b9aab93a696590851 from main
2021-11-23	[3.2.x] Corrected signatures of QuerySet's methods.	Mariusz Felisiak
	Backport of a17becf4c7f4e4057e8c94990e4b4999be0aea95 from main
2021-11-22	[3.2.x] Corrected isort example in coding style docs.	Mariusz Felisiak
	Follow up to e74b3d724e5ddfef96d1d66bd1c58e7aae26fc85. Backport of 8b020f2e64f1cbf2b06205a389a13af6623f90ce from main
2021-11-22	[3.2.x] Corrected "pip install" call in coding style docs.	Paolo Melchiorre
	Backport of dd528cb2cefc0db8b91a7ff0a2bc87305b976597 from main
2021-11-18	[3.2.x] Configured Read The Docs to build all formats.	Adam Johnson
	`all` acts as an alias for all formats ([docs](https://docs.readthedocs.io/en/stable/config-file/v2.html#formats)). Whilst there are only three formats right now, this would auto expand to other formats in the future, which seems desirable? Backport of 1fe23bdd29a8f2f6802c2038702ff7a5d0e21a0d from main
2021-11-18	[3.2.x] Fixed crash building HTML docs since Sphinx 4.3.	Mariusz Felisiak
	See https://github.com/sphinx-doc/sphinx/commit/dd2ff3e911c751c06c81f494128fba56d8ecbafd. Backport of f0480ddd2d3cb04b784cf7ea697f792b45c689cc from main
2021-11-04	[3.2.x] Corrected multiply defined labels in docs.	Mariusz Felisiak
	Backport of 60503cc747eeda7c61bab02b71f8f55a733a6eea from main
2021-11-03	[3.2.x] Refs #33247 -- Corrected configuration for Read The Docs.	Carlton Gibson
	This pins Sphinx version, because the default Sphinx version used by RTD is not compatible with Python 3.8+. This also, sets Python 3.8 for RTD builds which is compatible with all current versions of Django. Thanks to Mariusz Felisiak for the suggestion. Backport of 447b6c866f0741bb68c92dc925a65fb15bfe7995 from main.
2021-11-03	[3.2.x] Fixed #33247 -- Added configuration for Read The Docs.	Carlton Gibson
	Co-authored-by: Andrew Neitsch <andrew@neitsch.ca> Backport of 0da7a2e9dab81b622a2000536c6a96de7f46e237 from main
2021-11-03	[3.2.x] Corrected module reference in contributing tutorial.	Adam Johnson
	Backport of 9f3bd9dfc42b4e0ff89566763d211ab9e8f50d5e from main
2021-11-03	[3.2.x] Fixed typo in docs/topics/logging.txt.	Brad
	Backport of c7152cb58ea84f51bc2096fb5d3cf03ab31ea985 from main
2021-11-01	[3.2.x] Added stub release notes for Django 3.2.10.	Mariusz Felisiak
	Backport of d811fa1d1012e746719aa3af351f56ad21f92610 from main
2021-11-01	[3.2.x] Post-release version bump.	Mariusz Felisiak

2021-11-01	[3.2.x] Bumped version for 3.2.9 release.3.2.9	Mariusz Felisiak

2021-11-01	[3.2.x] Added release date for 3.2.9.	Mariusz Felisiak
	Backport of 7ec603ba259083298c9598a41987b4c4f2a5d134 from main
2021-11-01	[3.2.x] Added Google Cloud Spanner to list of third-party DB backends.	Vikash Singh
	Backport of 125f9afc2c42449ee79283fefa778651acfd4aed from main
2021-10-27	[3.2.x] Refs #33182 -- Adjusted custom admin theming example to use correct ↵	Carlton Gibson
	template block. Backport of a754b82dac511475b6276039471ccd17cc64aeb8 from main
2021-10-18	[3.2.x] Fixed #33194 -- Fixed migrations when altering a field with ↵	Hannes Ljungberg
	functional indexes on SQLite. This adjusts Expressions.rename_table_references() to only update alias when needed. Regression in 83fcfc9ec8610540948815e127101f1206562ead. Co-authored-by: Simon Charette <charettes@users.noreply.github.com> Backport of 86971c40909430a798e4e55b140004c4b1fb02ff from main.
2021-10-18	[3.2.x] Fixed #33198 -- Corrected BinaryField.max_length docs.	Nick Frazier
	Backport of 0d4e575c96d408e0efb4dfd0cbfc864219776950 from main
2021-10-15	[3.2.x] Refs #32074 -- Removed usage of deprecated asyncore and smtpd modules.	Mariusz Felisiak
	asyncore and smtpd modules were deprecated in Python 3.10. Backport of 569a33579c3cca5f801c544d9b52a34e3c779424 from main.
2021-10-14	[3.2.x] Refs #27131 -- Removed SMTPBackendTests.test_server_login().	Mariusz Felisiak
	test_server_login() was a regression test for a crash when passing Unicode strings to SMTP server using CRAM-MD5 method on Python 2. Python 2 is no longer supported and test_server_login() passes even without FakeSMTPChannel.smtp_AUTH() because smtplib.SMTPAuthenticationError is raised when AUTH is not implemented. Backport of cdad96e6330cd31185f7496aaf8eb316f2773d6d from main
2021-10-12	[3.2.x] Added 'formatter' to spelling wordlist.	Mariusz Felisiak
	Backport of e43a131887e2a316d4fb829c3a272ef0cbbeea80 from main
2021-10-05	[3.2.x] Refs #32074 -- Doc'd Python 3.10 compatibility in Django 3.2.x.	Mariusz Felisiak
	Backport of 604df4e0adc71da264f61fe85020a170c98e6f09 from main.
2021-10-05	[3.2.x] Refs #32074 -- Added Python 3.10 to classifiers and tox.ini.	Mariusz Felisiak
	Backport of 15987c9c5315ac30f069915e28de78ade788458d from main.
2021-10-05	[3.2.x] Refs #32074 -- Used asyncio.get_running_loop() instead of ↵	Mariusz Felisiak
	get_event_loop() on Python 3.7+. Using asyncio.get_event_loop() when there is no running event loop was deprecated in Python 3.10, see https://bugs.python.org/issue39529.
2021-10-05	[3.2.x] Refs #32074 -- Fixed find_module()/find_loader() warnings on Python ↵	Mariusz Felisiak
	3.10+. Backport of f1bcaa9be8227dce89a320ce1ca37e1df7c80d03 from main.
2021-10-05	[3.2.x] Refs #32074 -- Removed usage of deprecated Thread.setDaemon().	Karthikeyan Singaravelan
	Thread.setDaemon() was deprecated in Python 3.10 and will be removed in Python 3.12. Backport of f9f6bd63c98dc2f01412887f4a98dbfdab363fdf from main
2021-10-05	[3.2.x] Refs #32074 -- Removed usage of Python's deprecated ↵	Mariusz Felisiak
	distutils.version package. The distutils package was formally deprecated in Python 3.10 and will be removed in Python 3.12. Backport of b8c9e9fae14676d2e81242cb8df1e2eeef9c3a2d from main
2021-10-05	[3.2.x] Skipped test_archive tests when bz2/lzma module is not installed.	Mariusz Felisiak
	Backport of ae48601e6d88410626c7d28572f969ab57b33598 from main
2021-10-05	[3.2.x] Added stub release notes for Django 3.2.9.	Carlton Gibson
	Backport of c113f7fb0dae0dfd066d05acd1032c9f57a5aaf9 from main
2021-10-05	[3.2.x] Post-release version bump.	Carlton Gibson