django.git - django

Age	Commit message (Collapse)	Author
2024-08-06	[4.2.x] Bumped version for 4.2.15 release.4.2.15	Sarah Boyce

2024-07-31	[4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection ↵	Simon Charette
	attacks against JSON fields. Thanks Eyal (eyalgabay) for the report.
2024-07-31	[4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in ↵	Mariusz Felisiak
	django.utils.html.urlize() and AdminURLFieldWidget. Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-31	[4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and ↵	Sarah Boyce
	urlizetrunc template filters. Thanks to MProgrammer for the report.
2024-07-31	[4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in ↵	Sarah Boyce
	floatformat. Thanks Elias Myllymäki for the report. Co-authored-by: Shai Berger <shai@platonix.com>
2024-07-31	[4.2.x] Added stub release notes and release date for 4.2.15.	Sarah Boyce
	Backport of 3f880890699d4412cf23b59dba425111f62afb3a from main.
2024-07-25	[4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ↵	Lorenzo Peña
	ValueError in get_supported_language_variant(). LocaleMiddleware didn't handle the ValueError raised by get_supported_language_variant() when language codes were over 500 characters. Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb. Backport of 0e94f292cda632153f2b3d9a9037eb0141ae9c2e from main.
2024-07-11	[4.2.x] Fixed auth_tests and file_storage tests on Python 3.8.	Mariusz Felisiak

2024-07-09	[4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and ↵	Natalia
	CVE-2024-39614 to security archive. Backport of e095c7612d49dbe371e9c7edd76ba99b6bc4f9f6 from main.
2024-07-09	[4.2.x] Post-release version bump.	Natalia

2024-07-09	[4.2.x] Bumped version for 4.2.14 release.4.2.14	Natalia

2024-07-09	[4.2.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in ↵	Sarah Boyce
	get_supported_language_variant(). Language codes are now parsed with a maximum length limit of 500 chars. Thanks to MProgrammer for the report.
2024-07-09	[4.2.x] Fixed CVE-2024-39330 -- Added extra file name validation in ↵	Natalia
	Storage's save method. Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah Boyce for the reviews.
2024-07-09	[4.2.x] Fixed CVE-2024-39329 -- Standarized timing of verify_password() when ↵	Michael Manfre
	checking unusuable passwords. Refs #20760. Thanks Michael Manfre for the fix and to Adam Johnson for the review.
2024-07-09	[4.2.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and ↵	Adam Johnson
	urlizetrunc template filters. Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-03	[4.2.x] Added stub release notes for 4.2.14.	Natalia

2024-05-07	[4.2.x]Post-release version bump.	Natalia

2024-05-07	[4.2.x] Bumped version for 4.2.13 release.4.2.13	Sarah Boyce

2024-05-07	[4.2.x] Added release notes for 4.2.13.	Sarah Boyce
	Backport of 90175e110e7cfcf07f4ccdaadc45d7ed6302ce00 from main.
2024-05-06	[4.2.x] Post-release version bump.	Natalia

2024-05-06	[4.2.x] Bumped version for 4.2.12 release.4.2.12	Sarah Boyce

2024-05-06	[4.2.x] Added release date for 4.2.12.	Sarah Boyce
	Backport of 34a503162fe222033a1cd3249bccad014fcd1d20 from main.
2024-04-19	[4.2.x] Reverted "Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS ↵	Sarah Boyce
	class unconditionally in Admin." This reverts commit 0fc832676cd585fa420d583937b5b2318bc2c629.
2024-04-19	[4.2.x] Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class ↵	Adam Johnson
	unconditionally in Admin. Backport of bdd76c4c3817d8e3ed5b0450d5e18e4eae096f16 from main.
2024-04-12	[4.2.x] Refs #35361 -- Clarified release notes for 4.2.12.	Natalia
	Backport of cd823778e66307b82469858cfd8d1aa75613b49a from main.
2024-04-10	[4.2.x] Fixed #35361 -- Added release notes for 4.2.12 for backport of ↵	Natalia
	b231bcd19e57267ce1fc21d42d46f0b65fdcfcf8. Backport of 42435fc55cbf7c04c1389ee46cc50e2565b40e37 from main.
2024-04-10	[4.2.x] Refs #34900, Refs #35361 -- Fixed SafeMIMEText.set_payload() crash ↵	Mariusz Felisiak
	on Python 3.13. Payloads with surrogates are passed to the set_payload() since https://github.com/python/cpython/commit/f97f25ef5dfcdfec0d9a359fd970abd139cf3428 Backport of b231bcd19e57267ce1fc21d42d46f0b65fdcfcf8 from main.
2024-03-04	[4.2.x] Added CVE-2024-27351 to security archive.	Mariusz Felisiak
	Backport of da39ae4b5f056a332b5c48402a2ae11767e7d577 from main
2024-03-04	[4.2.x] Post-release version bump.	Mariusz Felisiak

2024-03-04	[4.2.x] Bumped version for 4.2.11 release.4.2.11	Mariusz Felisiak

2024-03-04	[4.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words().	Shai Berger
	Thanks Seokchan Yoon for the report. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2024-02-26	[4.2.x] Added release date for 4.2.11 and 3.2.25.	Mariusz Felisiak
	Backport of 977d25416954a72ad100b01762078bf1ceb89a63 from main
2024-02-10	[4.2.x] Refs #34900, Refs #34118 -- Updated assertion in ↵	Daniel Garcia Moreno
	test_skip_class_unless_db_feature() test on Python 3.12.2+. Python 3.12.2 bring back the skipped tests in the number of running tests. Refs https://github.com/python/cpython/commit/0a737639dcd3b7181250f5d56694b192eaddeef0 Backport of bc8471f0aac8f0c215b9471b594d159783bac19b from main
2024-02-08	[4.2.x] Fixed #35172 -- Fixed intcomma for string floats.	Mariusz Felisiak
	Thanks Warwick Brown for the report. Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9. Backport of 2f14c2cedc9c92373471c1f98a80c81ba299584a from main.
2024-02-06	[4.2.x] Added CVE-2024-24680 to security archive.	Natalia
	Backport of c650c1412d1933e339cc93f9b6745c3eedb1c25b from main
2024-02-06	[4.2.x] Post release version bump.	Natalia

2024-02-06	[4.2.x] Bumped version for 4.2.10 release.4.2.10	Natalia

2024-02-06	[4.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template ↵	Adam Johnson
	filter. Thanks Seokchan Yoon for the report. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Co-authored-by: Shai Berger <shai@platonix.com>
2024-01-30	[4.2.x] Pinned black == 23.12.1 for blacken-docs checks.	nessita

2024-01-29	[4.2.x] Pinned black == 23.12.1 in GitHub actions, pre-commit and test ↵	nessita
	requirements.
2024-01-29	[4.2.x] Added stub release notes for 4.2.10 and 3.2.24.	Natalia
	Backport of 06d0a1bd56a9899c351ca047a05813e8dd6a4e17 from main
2024-01-02	[4.2.x] Post-release version bump.	Mariusz Felisiak

2024-01-02	[4.2.x] Bumped version for 4.2.9 release.4.2.9	Mariusz Felisiak

2024-01-02	[4.2.x] Added release date for 4.2.9.	Mariusz Felisiak
	Backport of f82a2c3b3d553f36661cfdce5261bffb669d68a9 from main.
2023-12-13	[4.2.x] Fixed #35012 -- Restored wrapping admin fieldsets with multiple ↵	Tom Carrick
	fields per line. Thanks James Gillard for the report. Regression in 729266c6f29c7a0677b24926a86a767ef3078b26. Backport of 4aae864463b149393a36e0b18345cf6ed392634d from main
2023-12-05	[4.2.x] Added stub release notes for 4.2.9.	Mariusz Felisiak
	Backport of 464af0975cac6abc46b3e5c3305194c958fc465b from main
2023-12-04	[4.2.x] Post-release version bump.	Mariusz Felisiak

2023-12-04	[4.2.x] Bumped version for 4.2.8 release.4.2.8	Mariusz Felisiak

2023-12-04	[4.2.x] Added release date for 4.2.8.	Mariusz Felisiak
	Backport of 8fcb9f1f106cf60d953d88aeaa412cc625c60029 from main
2023-11-30	[4.2.x] Fixed #35006 -- Fixed migrations crash when altering ↵	Mariusz Felisiak
	Meta.db_table_comment on SQLite. Thanks Юрий for the report. Regression in 78f163a4fb3937aca2e71786fbdd51a0ef39629e. Backport of 37fc832a54ad37e75a898a2c8f9ab0820617c4af from main