summaryrefslogtreecommitdiff
path: root/docs/releases
AgeCommit message (Collapse)Author
2021-10-05[3.2.x] Added release date for 3.2.7.Carlton Gibson
Backport of c5776bfca9e3f35e0ab5aacbdc1a4dbfe92fdfd1 from main
2021-09-21[3.2.x] Fixed #33083 -- Fixed selecting all items in the admin changelist ↵Carlton Gibson
when actions are both top and bottom. Thanks Benjamin Locher for the report. Regression in 30e59705fc3e3e9e8370b965af794ad6173bf92b. Backport of b0ed619303d2fb723330ca9efa3acf23d49f1d19 from main
2021-09-18[3.2.x] Fixed #33077 -- Fixed links to related models for admin's readonly ↵Ken Whitesell
fields in custom admin site. Backport of 0a9aa02e6f1d1b9ceca155d281a2be624bb1d3a2 from main
2021-09-01[3.2.x] Added stub release notes for Django 3.2.8.Mariusz Felisiak
Backport of af10e97531a59e4af09b5ec0c1a3ea476f2b6015 from main
2021-09-01[3.2.x] Added release date for 3.2.7.Mariusz Felisiak
Backport of f3a0dc5b2a0e5ef6fa2ae896ede6a7d56e20653b from main
2021-08-30[3.2.x] Fixed #32992 -- Restored offset extraction for fixed offset timezones.Carlton Gibson
Regression in 10d126198434810529e0220b0c6896ed64ca0e88. Backport of cbba49971bbbbe3e8c6685e4ce6ab87b1187ae87 from main
2021-08-02[3.2.x] Added stub release notes for Django 3.2.7.Carlton Gibson
Backport of 947bdec60cd7f63dc1573578137747893d673700 from main
2021-08-02[3.2.x] Confirmed release date for Django 3.2.6.Carlton Gibson
Backport of 74a86e9b5eaf4f0d2bb5bf6b7948000c75cdd4a6 from main
2021-07-26[3.2.x] Fixed #32947 -- Fixed hash() crash on reverse M2M relation when ↵Tom Wojcik
through_fields is a list. Regression in c32d8f33d8e988a376e44997b8f3606d821f305e. Backport of 20226fcd461670334646f78a0c4d133e439b12b2 from main
2021-07-21[3.2.x] Refs #32949 -- Adjusted release note wording.Carlton Gibson
Backport of 012f38f9594b35743e9ab231757b7b62db638323 from main
2021-07-21[3.2.x] Fixed #32949 -- Restored invalid number handling in ↵yakimka
DecimalField.validate(). DecimalField must itself validate() values, such as NaN, which cannot be passed to validators, such as MaxValueValidator, during the run_validators() phase. Regression in cc3d24d7d577f174937a0744d886c4c7123cfa85. Backport of c542d0a07237033225c1d57337ca9474a00648f2 from main
2021-07-16[3.2.x] Fixed typo in docs/releases/3.1.13.txt.Jacob Walls
Backport of 00c724f2f255bd3c28a73cc51db8a052644ff949 from main
2021-07-01[3.2.x] Added CVE-2021-35042 to security archive.Mariusz Felisiak
Backport of 8feb2a49fa37528823cc900bbd9609319738193e from main
2021-07-01[3.2.x] Added stub release notes for Django 3.2.6.Mariusz Felisiak
Backport of bcea1a3193d44d8c587173c00abb2eaf61fb9cf7 from main
2021-07-01[3.2.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by().Simon Charette
Regression introduced in 513948735b799239f3ef8c89397592445e1a0cd5 by marking the raw SQL column reference feature for deprecation in Django 4.0 while lifting the column format validation. In retrospective the validation should have been kept around and the user should have been pointed at using RawSQL expressions during the deprecation period. The main branch is not affected because the raw SQL column reference support has been removed in 06eec3197009b88e3a633128bbcbd76eea0b46ff per the 4.0 deprecation life cycle. Thanks Joel Saunders for the report.
2021-07-01[3.2.x] Added stub release notes for 3.1.13 and release date for 3.2.5.Mariusz Felisiak
Backport of 8e97698d7b537cd298438a8d7b55916d275ff851 from main
2021-06-28[3.2.x] Updated translations from Transifex.Claude Paroz
2021-06-22[3.2.x] Fixed #32863 -- Skipped system check for specifying type of ↵Hasan Ramezani
auto-created primary keys on models with invalid app_label. Regression in b5e12d490af3debca8c55ab3c1698189fdedbbdb. Thanks Iuri de Silvio for the report. Backport of 7a9745fed498f69c46a3ffa5dfaff872e0e1df89 from main
2021-06-10[3.2.x] Fixed #32832 -- Fixed adding BLOB/TEXT nullable field with default ↵Mariusz Felisiak
on MySQL 8.0.13+. Regression in d4ac23bee1c84d8e4610350202ac068fc90f38c0. Thanks Omkar Deshpande for the report. Backport of fa0433d05f213afe4c67055006320f7aba4c8108 from main
2021-06-10[3.2.x] Refs #32503 -- Added release notes for ↵Mariusz Felisiak
5e04e84d67da8163f365e9f5fcd169e2630e2873. Backport of 57bc16b38ec75fc96829f912d57a58d8c6358e8f from main
2021-06-04[3.2.x] Fixed #32812 -- Restored immutability of named values from ↵Takayuki Hirayama
QuerySet.values_list(). Regression in 981a072dd4dec586f8fc606712ed9a2ef116eeee. Thanks pirelle for the report. Backport of 0393b9262dcf1b8302d35a8a470e14837ca1300b from main
2021-06-02[3.2.x] Fixed docs header underlines in security archive.Mariusz Felisiak
Backport of d9cee3f5f2f90938d2c2c0230be40c7d50aef53d from main
2021-06-02[3.2.x] Added stub release notes for Django 3.2.5.Carlton Gibson
Backport of ba10772bf659a9507075d713c416882ce2c8df28 from main
2021-06-02[3.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive.Carlton Gibson
Backport of a39f235ca4cb7370dba3a3dedeaab0106d27792f from main
2021-06-02[3.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.Mariusz Felisiak
validate_ipv4_address() was affected only on Python < 3.9.5, see [1]. URLValidator() uses a regular expressions and it was affected on all Python versions. [1] https://bugs.python.org/issue36384
2021-06-02[3.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via ↵Florian Apolloner
admindocs' TemplateDetailView.
2021-06-02[3.2.x] Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24.Carlton Gibson
Backport of f66ae7a2d5558fe88ddfe639a610573872be6628 from main
2021-06-01[3.2.x] Fixed #32793 -- Fixed loss of precision for temporal operations with ↵Mariusz Felisiak
DecimalFields on MySQL. Regression in 1e38f1191de21b6e96736f58df57dfb851a28c1f. Thanks Mohsen Tamiz for the report. Backport of e703b152c6148ddda1b072a4353e9a41dca87f90 from main
2021-05-26[3.2.x] Fixed #32783 -- Fixed crash of autoreloader when __main__ module ↵Mariusz Felisiak
doesn't have __spec__ attribute. Regression in ec6d2531c59466924b645f314ac33f54470d7ac3. Thanks JonathanNickelson for the report. Backport of 12b19a1d76e1a6f80923c8358290d605dacd65d4 from main
2021-05-26[3.2.x] Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24.Carlton Gibson
Backport of b46dbd4e3e255223078ae0028934ea986e19ebc1 from main
2021-05-26[3.2.x] Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for ↵Hasan Ramezani
template changes. Backport of 68357b2ca9e88c40fc00d848799813241be39129 from main
2021-05-20[3.2.x] Changed IRC references to Libera.Chat.Mariusz Felisiak
Backport of 66491f08fe86629fa25977bb3dddda06959f65e7 from main.
2021-05-19[3.2.x] Fixed #32740 -- Caught possible exception when initializing colorama.Carlton Gibson
Backport of c2e6047c725e26987c87e2be59f2ab4bf9828fa5 from main
2021-05-18[3.2.x] Fixed #32747 -- Prevented initialization of unused caches.Mariusz Felisiak
Thanks Alexander Ebral for the report. Regression in 98e05ccde440cc9b768952cc10bc8285f4924e1f. Backport of 958cdf65ae90d26236d1815bbba804729595ec7a from main
2021-05-18[3.2.x] Fixed #32733 -- Skipped system check for specifying type of ↵Rust Saiargaliev
auto-created primary keys on abstract models. Regression in b5e12d490af3debca8c55ab3c1698189fdedbbdb. Backport of a24fed399ced6be2e9dce4cf28db00c3ee21a21c from main
2021-05-18[3.2.x] Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.Slava Skvortsov
Regression in ba31b0103442ac891fb3cb98f316781254e366c3. Backport of f7691d4812c578e696635718e67639d2e08eac40 from main
2021-05-17[3.2.x] Refs #32720 -- Updated various links in docs to avoid redirects and ↵Nick Pope
use HTTPS. Backport of c156e369553c75a30c78b8ed54a57b1101865105 from main
2021-05-17[3.2.x] Refs #32720 -- Fixed some broken links in docs.Nick Pope
Backport of 7c4ee487c7392a3a394caf62efad355fad639655 from main
2021-05-17[3.2.x] Refs #32720 -- Used full hashes in security archive.Nick Pope
Backport of 1c3bbcf802e661fc599365a097532ed3b362d16b from main
2021-05-17[3.2.x] Corrected commit hashes for security patches.Mariusz Felisiak
Backport of df5c96299ae30dcf8f152cc43c331fb34d39080e from main
2021-05-17[3.2.x] Refs #32720 -- Used :commit: and :source: role in old release notes.Nick Pope
Backport of 8c4caee76a5571c6c8050660a6a9fc30ece6678d from main
2021-05-13[3.2.x] Added stub release notes for Django 3.2.4.Mariusz Felisiak
Backport of 820408d842a07202a80e6ef7f7a57ec6258d88e6 from main
2021-05-13[3.2.x] Fixed #32718 -- Relaxed file name validation in FileField.Mariusz Felisiak
- Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3. Backport of b55699968fc9ee985384c64e37f6cc74a0a23683 from main
2021-05-13[3.2.x] Fixed #32717 -- Fixed filtering of querysets combined with the | ↵Simon Charette
operator. Address a long standing bug in a Where.add optimization to discard equal nodes that was surfaced by implementing equality for Lookup instances in bbf141bcdc31f1324048af9233583a523ac54c94. Thanks Shaheed Haque for the report. Backport of b81c7562fc33f50166d5120138d6398dc42b13c3 from main
2021-05-12[3.2.x] Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' ↵Nick Pope
connection options in MySQL backend. The 'db' and 'passwd' connection options have been deprecated, use 'database' and 'password' instead (available since mysqlclient >= 1.3.8). This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL. Backport of 1061f5243646b4c9b8a758f8a36c9e2ccdded1cf from main
2021-05-12[3.2.x] Refs #32718 -- Corrected CVE-2021-31542 release notes.Mariusz Felisiak
Backport of d1f1417caed648db2f81a1ec28c47bf958c01958 from main
2021-05-06[3.2.x] Added stub release notes for Django 3.2.3.Mariusz Felisiak
Backport of 29779075d7f5e1a8cfe0933661d5255e2d7d3cbd from main
2021-05-06[3.2.x] Added CVE-2021-32052 to security archive.Mariusz Felisiak
Backport of efebcc429f048493d6bc710399e65d98081eafd5 from main
2021-05-06[3.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs ↵Mariusz Felisiak
from being accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 Backport of e1e81aa1c4427411e3c68facdd761229ffea6f6f from main.
2021-05-05[3.2.x] Fixed #32714 -- Prevented recreation of migration for Meta.ordering ↵Simon Charette
with OrderBy expressions. Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd. Thanks Kevin Marsh for the report. Backport of 96f55ccf798c7592a1203f798a4dffaf173a9263 from main
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 02:11:48 +0000