django/docs/releases/5.1.1.txt

==========================
Django 5.1.1 release notes
==========================

*September 3, 2024*

Django 5.1.1 fixes one security issue with severity "moderate", one security
issue with severity "low", and several bugs in 5.1.

Bugfixes
========

* Fixed a regression in Django 5.1 that caused a crash of ``Window()`` when
  passing an empty sequence to the ``order_by`` parameter, and a crash of
  ``Prefetch()`` for a sliced queryset without ordering (:ticket:`35665`).

* Fixed a regression in Django 5.1 where a new ``usable_password`` field was
  included in :class:`~django.contrib.auth.forms.BaseUserCreationForm` (and
  children). A new :class:`~django.contrib.auth.forms.AdminUserCreationForm`
  including this field was added, isolating the feature to the admin where it
  was intended (:ticket:`35678`).

* Adjusted the deprecation warning ``stacklevel`` in :meth:`.Model.save` and
  :meth:`.Model.asave` to correctly point to the offending call site
  (:ticket:`35060`).
Added stub release notes for 5.1.1. 2024-08-07 13:38:36 +00:00			`==========================`
			`Django 5.1.1 release notes`
			`==========================`

Added stub release notes and release date for 5.1.1, 5.0.9, and 4.2.16. 2024-08-27 12:20:59 +00:00			`September 3, 2024`
Added stub release notes for 5.1.1. 2024-08-07 13:38:36 +00:00
Added stub release notes and release date for 5.1.1, 5.0.9, and 4.2.16. 2024-08-27 12:20:59 +00:00			`Django 5.1.1 fixes one security issue with severity "moderate", one security`
Fixed grammatical error in stub release notes for upcoming security release. 2024-08-27 12:46:12 +00:00			`issue with severity "low", and several bugs in 5.1.`
Added stub release notes for 5.1.1. 2024-08-07 13:38:36 +00:00
			`Bugfixes`
			`========`

Fixed #35665 -- Fixed a crash when passing an empty order_by to Window. This also caused un-ordered sliced prefetches to crash as they rely on Window. Regression in e16d0c176e9b89628cdec5e58c418378c4a2436a that made OrderByList piggy-back ExpressionList without porting the empty handling that the latter provided. Supporting explicit empty ordering on Window functions and slicing is arguably a foot-gun design due to how backends will return undeterministic results but this is a problem that requires a larger discussion. Refs #35064. Thanks Andrew Backer for the report and Mariusz for the review. 2024-08-09 12:43:20 +00:00			* Fixed a regression in Django 5.1 that caused a crash of ``Window()`` when
			passing an empty sequence to the ``order_by`` parameter, and a crash of
			``Prefetch()`` for a sliced queryset without ordering (:ticket:`35665`).
Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm. Refs #34429: Following the implementation allowing the setting of unusable passwords via the admin site, the `BaseUserCreationForm` and `UserCreationForm` were extended to include a new field for choosing whether password-based authentication for the new user should be enabled or disabled at creation time. Given that these forms are designed to be extended when implementing custom user models, this branch ensures that this new field is moved to a new, admin-dedicated, user creation form `AdminUserCreationForm`. Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for the review. 2024-08-15 13:27:24 +00:00
			* Fixed a regression in Django 5.1 where a new ``usable_password`` field was
			included in :class:`~django.contrib.auth.forms.BaseUserCreationForm` (and
			children). A new :class:`~django.contrib.auth.forms.AdminUserCreationForm`
			`including this field was added, isolating the feature to the admin where it`
			was intended (:ticket:`35678`).
Refs #35060 -- Adjusted deprecation warning stacklevel in Model.save()/asave(). 2024-08-09 17:41:18 +00:00
			* Adjusted the deprecation warning ``stacklevel`` in :meth:`.Model.save` and
			:meth:`.Model.asave` to correctly point to the offending call site
			(:ticket:`35060`).