django/docs/releases/5.1.1.txt

==========================
Django 5.1.1 release notes
==========================

*September 3, 2024*

Django 5.1.1 fixes one security issue with severity "moderate", one security
issue with severity "low", and several bugs in 5.1.

Bugfixes
========

* Fixed a regression in Django 5.1 that caused a crash of ``Window()`` when
  passing an empty sequence to the ``order_by`` parameter, and a crash of
  ``Prefetch()`` for a sliced queryset without ordering (:ticket:`35665`).

* Fixed a regression in Django 5.1 where a new ``usable_password`` field was
  included in :class:`~django.contrib.auth.forms.BaseUserCreationForm` (and
  children). A new :class:`~django.contrib.auth.forms.AdminUserCreationForm`
  including this field was added, isolating the feature to the admin where it
  was intended (:ticket:`35678`).

* Adjusted the deprecation warning ``stacklevel`` in :meth:`.Model.save` and
  :meth:`.Model.asave` to correctly point to the offending call site
  (:ticket:`35060`).

* Adjusted the deprecation warning ``stacklevel`` when using ``OS_OPEN_FLAGS``
  in :class:`~django.core.files.storage.FileSystemStorage` to correctly point
  to the offending call site (:ticket:`35326`).

* Adjusted the deprecation warning ``stacklevel`` in
  ``FieldCacheMixin.get_cache_name()`` to correctly point to the offending call
  site (:ticket:`35405`).

* Restored, following a regression in Django 5.1, the ability to override the
  timezone and role setting behavior used within the ``init_connection_state``
  method of the PostgreSQL backend (:ticket:`35688`).
Added stub release notes for 5.1.1. 2024-08-07 13:38:36 +00:00			`==========================`
			`Django 5.1.1 release notes`
			`==========================`

Added stub release notes and release date for 5.1.1, 5.0.9, and 4.2.16. 2024-08-27 12:20:59 +00:00			`September 3, 2024`
Added stub release notes for 5.1.1. 2024-08-07 13:38:36 +00:00
Added stub release notes and release date for 5.1.1, 5.0.9, and 4.2.16. 2024-08-27 12:20:59 +00:00			`Django 5.1.1 fixes one security issue with severity "moderate", one security`
Fixed grammatical error in stub release notes for upcoming security release. 2024-08-27 12:46:12 +00:00			`issue with severity "low", and several bugs in 5.1.`
Added stub release notes for 5.1.1. 2024-08-07 13:38:36 +00:00
			`Bugfixes`
			`========`

Fixed #35665 -- Fixed a crash when passing an empty order_by to Window. This also caused un-ordered sliced prefetches to crash as they rely on Window. Regression in e16d0c176e9b89628cdec5e58c418378c4a2436a that made OrderByList piggy-back ExpressionList without porting the empty handling that the latter provided. Supporting explicit empty ordering on Window functions and slicing is arguably a foot-gun design due to how backends will return undeterministic results but this is a problem that requires a larger discussion. Refs #35064. Thanks Andrew Backer for the report and Mariusz for the review. 2024-08-09 12:43:20 +00:00			* Fixed a regression in Django 5.1 that caused a crash of ``Window()`` when
			passing an empty sequence to the ``order_by`` parameter, and a crash of
			``Prefetch()`` for a sliced queryset without ordering (:ticket:`35665`).
Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm. Refs #34429: Following the implementation allowing the setting of unusable passwords via the admin site, the `BaseUserCreationForm` and `UserCreationForm` were extended to include a new field for choosing whether password-based authentication for the new user should be enabled or disabled at creation time. Given that these forms are designed to be extended when implementing custom user models, this branch ensures that this new field is moved to a new, admin-dedicated, user creation form `AdminUserCreationForm`. Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for the review. 2024-08-15 13:27:24 +00:00
			* Fixed a regression in Django 5.1 where a new ``usable_password`` field was
			included in :class:`~django.contrib.auth.forms.BaseUserCreationForm` (and
			children). A new :class:`~django.contrib.auth.forms.AdminUserCreationForm`
			`including this field was added, isolating the feature to the admin where it`
			was intended (:ticket:`35678`).
Refs #35060 -- Adjusted deprecation warning stacklevel in Model.save()/asave(). 2024-08-09 17:41:18 +00:00
			* Adjusted the deprecation warning ``stacklevel`` in :meth:`.Model.save` and
			:meth:`.Model.asave` to correctly point to the offending call site
			(:ticket:`35060`).
Refs #35326 -- Adjusted deprecation warning stacklevel in FileSystemStorage.OS_OPEN_FLAGS. 2024-08-09 16:45:44 +00:00
			* Adjusted the deprecation warning ``stacklevel`` when using ``OS_OPEN_FLAGS``
			in :class:`~django.core.files.storage.FileSystemStorage` to correctly point
			to the offending call site (:ticket:`35326`).
Refs #35405 -- Adjusted deprecation warning stacklevel in FieldCacheMixin.get_cache_name(). 2024-08-09 16:55:40 +00:00
			* Adjusted the deprecation warning ``stacklevel`` in
			``FieldCacheMixin.get_cache_name()`` to correctly point to the offending call
			site (:ticket:`35405`).
Fixed #35688 -- Restored timezone and role setters to be PostgreSQL DatabaseWrapper methods. Following the addition of PostgreSQL connection pool support in Refs #33497, the methods for configuring the database role and timezone were moved to module-level functions. This change prevented subclasses of DatabaseWrapper from overriding these methods as needed, for example, when creating wrappers for other PostgreSQL-based backends. Thank you Christian Hardenberg for the report and to Florian Apolloner and Natalia Bidart for the review. Regression in fad334e1a9b54ea1acb8cce02a25934c5acfe99f. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> 2024-08-19 14:51:31 +00:00
			`* Restored, following a regression in Django 5.1, the ability to override the`
			timezone and role setting behavior used within the ``init_connection_state``
			method of the PostgreSQL backend (:ticket:`35688`).