blob: 2ee6fe0f5c487c0f90caccb2aef3c50bfbe728f9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
==========================
Django 4.1.2 release notes
==========================
*October 4, 2022*
Django 4.1.2 fixes a security issue with severity "medium" and several bugs in
4.1.1.
CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
===================================================================================
Internationalized URLs were subject to potential denial of service attack via
the locale parameter.
Bugfixes
========
* Fixed a regression in Django 4.1 that caused a migration crash on PostgreSQL
when adding a model with ``ExclusionConstraint`` (:ticket:`33982`).
* Fixed a regression in Django 4.1 that caused aggregation over a queryset that
contained an ``Exists`` annotation to crash due to too many selected columns
(:ticket:`33992`).
* Fixed a bug in Django 4.1 that caused an incorrect validation of
``CheckConstraint`` on ``NULL`` values (:ticket:`33996`).
* Fixed a regression in Django 4.1 that caused a
``QuerySet.values()/values_list()`` crash on ``ArrayAgg()`` and
``JSONBAgg()`` (:ticket:`34016`).
* Fixed a bug in Django 4.1 that caused :attr:`.ModelAdmin.autocomplete_fields`
to be incorrectly selected after adding/changing related instances via popups
(:ticket:`34025`).
* Fixed a regression in Django 4.1 where the app registry was not populated
when running parallel tests with the ``multiprocessing`` start method
``spawn`` (:ticket:`34010`).
* Fixed a regression in Django 4.1 where the ``--debug-mode`` argument to
``test`` did not work when running parallel tests with the
``multiprocessing`` start method ``spawn`` (:ticket:`34010`).
* Fixed a regression in Django 4.1 that didn't alter a sequence type when
altering type of pre-Django 4.1 serial columns on PostgreSQL
(:ticket:`34058`).
* Fixed a regression in Django 4.1 that caused a crash for :class:`View`
subclasses with asynchronous handlers when handling non-allowed HTTP methods
(:ticket:`34062`).
* Reverted caching related managers for ``ForeignKey``, ``ManyToManyField``,
and ``GenericRelation`` that caused the incorrect refreshing of related
objects (:ticket:`33984`).
* Relaxed the system check added in Django 4.1 for the same name used for
multiple template tag modules to a warning (:ticket:`32987`).
|
