| Age | Commit message (Expand) | Author |
|---|
| 30 hours | [5.2.x] Fixed typo in stub release notes for 5.2.14.stable/5.2.x | Jacob Walls |
| 3 days | [5.2.x] Added stub release notes and release date for 5.2.14. | Sarah Boyce |
| 2026-04-07 | [5.2.x] Added CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, an... | Jacob Walls |
| 2026-04-07 | [5.2.x] Fixed CVE-2026-33034 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE on body ... | Natalia |
| 2026-04-07 | [5.2.x] Fixed CVE-2026-33033 -- Mitigated potential DoS in MultiPartParser. | Natalia |
| 2026-04-07 | [5.2.x] Fixed CVE-2026-4292 -- Disallowed instance creation via ModelAdmin.li... | Jacob Walls |
| 2026-04-07 | [5.2.x] Fixed CVE-2026-4277 -- Checked add permissions in GenericInlineModelA... | Jacob Walls |
| 2026-04-07 | [5.2.x] Fixed CVE-2026-3902 -- Ignored headers with underscores in ASGIRequest. | Jacob Walls |
| 2026-03-31 | [5.2.x] Added stub release notes and release date for 5.2.13 and 4.2.30. | Jacob Walls |
| 2026-03-03 | [5.2.x] Added CVE-2026-25673 and CVE-2026-25674 to security archive. | Natalia |
| 2026-03-03 | [5.2.x] Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions o... | Natalia |
| 2026-03-03 | [5.2.x] Fixed CVE-2026-25673 -- Simplified URLField scheme detection. | Natalia |
| 2026-02-24 | [5.2.x] Added stub release notes and release date for 5.2.12 and 4.2.29. | Natalia |
| 2026-02-10 | [5.2.x] Fixed #36903 -- Fixed further NameErrors when inspecting functions wi... | 93578237 |
| 2026-02-10 | [5.2.x] Added stub release notes for 5.2.12. | Jacob Walls |
| 2026-02-03 | [5.2.x] Added CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, C... | Jacob Walls |
| 2026-02-03 | [5.2.x] Fixed CVE-2026-1312 -- Protected order_by() from SQL injection via al... | Jacob Walls |
| 2026-02-03 | [5.2.x] Fixed CVE-2026-1287 -- Protected against SQL injection in column alia... | Jake Howard |
| 2026-02-03 | [5.2.x] Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.T... | Natalia |
| 2026-02-03 | [5.2.x] Fixed CVE-2026-1207 -- Prevented SQL injections in RasterField lookup... | Jacob Walls |
| 2026-02-03 | [5.2.x] Fixed CVE-2025-14550 -- Optimized repeated header parsing in ASGI req... | Jake Howard |
| 2026-02-03 | [5.2.x] Fixed CVE-2025-13473 -- Standardized timing of check_password() in mo... | Jake Howard |
| 2026-01-27 | [5.2.x] Added stub release notes and release date for 5.2.11 and 4.2.28. | Jacob Walls |
| 2026-01-08 | [5.2.x] Clarified regression nature of data loss bug in docs/releases/5.2.10.... | Tim Graham |
| 2026-01-06 | [5.2.x] Added stub release notes for 5.2.11. | Jacob Walls |
| 2026-01-06 | [5.2.x] Added release date for 5.2.10. | Jacob Walls |
| 2025-12-31 | [5.2.x] Refs #33647 -- Fixed silent data truncation in bulk_create on Postgres. | Simon Charette |
| 2025-12-22 | [5.2.x] Fixed #36376 -- Fixed --no-color for command help in Python 3.14+. | Skyiesac |
| 2025-12-02 | [5.2.x] Added CVE-2025-13372 and CVE-2025-64460 to security archive. | Natalia |
| 2025-12-02 | [5.2.x] Added stub release notes for 5.2.10. | Natalia |
| 2025-12-02 | [5.2.x] Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation i... | Shai Berger |
| 2025-12-02 | [5.2.x] Fixed CVE-2025-13372 -- Protected FilteredRelation against SQL inject... | Jacob Walls |
| 2025-12-01 | [5.2.x] Fixed #36712 -- Evaluated type annotations lazily in template tag reg... | Jacob Walls |
| 2025-11-26 | [5.2.x] Refs #36743 -- Added missing release notes for 5.1.15 and 4.2.27. | Natalia |
| 2025-11-26 | [5.2.x] Fixed #36743 -- Increased URL max length enforced in HttpResponseRedi... | varunkasyap |
| 2025-11-25 | [5.2.x] Added stub release notes and release date for 5.2.9, 5.1.15, and 4.2.27. | Natalia |
| 2025-11-24 | [5.2.x] Fixed #36751 -- Fixed empty filtered aggregation crash over annotated... | Simon Charette |
| 2025-11-20 | [5.2.x] Added missing ticket links in docs/releases/5.2.8.txt. | Jacob Walls |
| 2025-11-20 | [5.2.x] Fixed #36748 -- Filtered non-standard placeholders from UNNEST queries. | Chris Wesseling |
| 2025-11-18 | [5.2.x] Fixed #36733 -- Escaped attributes in Stylesheet.__str__(). | varunkasyap |
| 2025-11-05 | [5.2.x] Added CVE-2025-64458 and CVE-2025-64459 to security archive. | Natalia |
| 2025-11-05 | [5.2.x] Added stub release notes for 5.2.9. | Natalia |
| 2025-11-05 | [5.2.x] Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via th... | Jacob Walls |
| 2025-11-05 | [5.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedire... | Jacob Walls |
| 2025-11-04 | [5.2.x] Fixed #36704 -- Fixed system check error for proxy model with a compo... | Hal Blackburn |
| 2025-10-29 | [5.2.x] Added stub release notes and release date for 5.2.8, 5.1.14, and 4.2.26. | Jacob Walls |
| 2025-10-17 | [5.2.x] Refs #35844 -- Doc'd Python 3.14 compatibility. | Mariusz Felisiak |
| 2025-10-14 | [5.2.x] Fixed #36648, Refs #33772 -- Accounted for composite pks in first()/l... | Jacob Walls |
| 2025-10-11 | [5.2.x] Fixed #36646 -- Added compatibility for oracledb 3.4.0. | Simon Charette |
| 2025-10-01 | [5.2.x] Rewrapped security archive at 79 chars. | Mariusz Felisiak |
