1
0
mirror of https://github.com/django/django.git synced 2025-09-10 11:09:12 +00:00

5118 Commits

Author SHA1 Message Date
Carlton Gibson
892a45d642
Refs #36410 -- Added link to migration guide for template-partials. 2025-09-08 15:29:58 +02:00
Mike Edmunds
0231f71d31 Fixed #36524 -- Enabled docs cross references to EmailMessage methods.
Updated docs for class django.core.mail.EmailMessage to use Sphinx
`method::` directives, allowing cross references to those methods
elsewhere in the docs.

Updated references to those methods in the email docs and 6.0 release
notes to link directly to the specific methods.
2025-09-05 15:56:16 -04:00
Tim Graham
2a636118da Fixed #36564 -- Changed DEFAULT_AUTO_FIELD from AutoField to BigAutoField. 2025-09-05 10:43:10 -04:00
Adam Johnson
0ddbe12ea9 Refs #36121 -- Fixed location of release note. 2025-09-05 08:17:02 -04:00
Mariusz Felisiak
686a8a62ae
Added missing backticks in docs/releases/security.txt. 2025-09-04 11:10:09 +02:00
Sarah Boyce
f0c05a40d2 Added CVE-2025-57833 to security archive. 2025-09-03 15:26:45 +02:00
Sarah Boyce
ab7c7dd99b Added stub release notes for 5.2.7. 2025-09-03 15:20:37 +02:00
Jake Howard
5171171709 Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL injection in column aliases.
Thanks Eyal Gabay (EyalSec) for the report.
2025-09-03 13:10:58 +02:00
Sarah Boyce
d044e25dc2 Made cosmetic edits to 5.2.6 release notes. 2025-09-03 12:15:01 +02:00
사재혁
e427e6b19b
Refs #35967 -- Removed deprecation note from backwards incompatible changes in 6.0 release notes.
Signed-off-by: SaJH <wogur981208@gmail.com>
2025-09-01 21:31:21 +02:00
Clifford Gama
6c37a2fbb2
Removed outdated deprecation note in 6.0 release notes. 2025-08-31 08:18:23 +02:00
Jacob Walls
a627194567
Refs #36485 -- Corrected docs linter to detect too-long lines at file end. 2025-08-29 17:35:50 -04:00
SaJH
bb7a7701b1 Fixed #36431 -- Returned tuples for multi-column ForeignObject in values()/values_list().
Thanks Jacob Walls and Simon Charette for tests.

Signed-off-by: SaJH <wogur981208@gmail.com>
2025-08-29 15:33:44 -04:00
Rob Hudson
550822bcee Fixed #36532 -- Added Content Security Policy view decorators to override or disable policies.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-08-28 17:23:48 -03:00
Simon Charette
292b9e6fe8 Refs #27222 -- Adapted RETURNING handling to be usable for UPDATE queries.
Renamed existing methods and abstractions used for INSERT … RETURNING
to be generic enough to be used in the context of UPDATEs as well.

This also consolidates SQL compliant implementations on
BaseDatabaseOperations.
2025-08-28 20:44:21 +02:00
Adam Johnson
56955636e6 Ensured :doc: role uses absolute targets in docs. 2025-08-28 13:48:32 -03:00
SaJH
3c0c54351b Fixed #36570 -- Removed unnecessary :py domain from documentation roles.
Signed-off-by: SaJH <wogur981208@gmail.com>
2025-08-28 08:52:43 +02:00
Sarah Boyce
4c71e33440 Added stub release notes and release date for 5.2.6, 5.1.12, and 4.2.24. 2025-08-27 16:01:20 +02:00
Sarah Boyce
d0e4dd5cdd Fixed #36572 -- Revert "Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest()."
This reverts commit 0246f478882c26bc1fe293224653074cd46a90d0.
2025-08-27 10:50:50 +02:00
David Smith
f81e6e3a53 Refs #36485 -- Rewrapped docs to 79 columns line length.
Lines in the docs files were manually adjusted to conform to the
79 columns limit per line (plus newline), improving readability and
consistency across the content.
2025-08-25 10:51:10 -03:00
Natalia
4286a23df6 Refs #36485 -- Removed double spaces after periods in sentences. 2025-08-25 10:51:10 -03:00
David Smith
6f8e23d1c1 Refs #36485 -- Removed unnecessary parentheses in :meth: and :func: roles in docs. 2025-08-25 10:51:10 -03:00
SaJH
0246f47888 Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest().
Signed-off-by: SaJH <wogur981208@gmail.com>
2025-08-25 14:45:16 +02:00
Mariusz Felisiak
b3166e1e15 Refs #35530 -- Corrected deprecation message in auth.alogin().
Follow up to ceecd518b19044181a3598c55ebed7c2545963cc.
2025-08-22 16:14:09 +02:00
SaJH
f2a6c0477f Fixed #36399 -- Added support for multiple Cookie headers in HTTP/2 for ASGIRequest.
Signed-off-by: SaJH <wogur981208@gmail.com>
2025-08-21 16:48:54 +02:00
Mariusz Felisiak
bcddf641ae
Corrected release notes of calling format_html() without arguments. 2025-08-20 07:33:39 +02:00
farhan
5e06b97095 Fixed #36410 -- Added support for Template Partials to the Django Template Language.
Introduced `{% partialdef %}` and `{% partial %}` template tags to
define and render reusable named fragments within a template file.
Partials can also be accessed using the `template_name#partial_name`
syntax via `get_template()`, `render()`, `{% include %}`, and other
template-loading tools.

Adjusted `get_template()` behavior to support partial resolution, with
appropriate error handling for invalid names and edge cases. Introduced
`PartialTemplate` to encapsulate partial rendering behavior.

Includes tests and internal refactors to support partial context
binding, exception reporting, and tag validation.

Co-authored-by: Carlton Gibson <carlton@noumenal.es>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2025-08-14 21:53:14 -03:00
Jacob Walls
eed7f44244 Refs #36210 -- Added release note for further subquery support for composite pks.
Follow-up to fd569dd45bf0746378faf7f65172497f21ed27f0.
2025-08-11 10:22:59 +02:00
James Bligh
c1aa4a7a79 Fixed #36525 -- Silenced individual deleted file messages in collectstatic --clear's default verbosity. 2025-08-08 09:52:16 +02:00
Sarah Boyce
0bff53b413 Added stub release notes for 5.2.6. 2025-08-06 10:32:17 +02:00
Sarah Boyce
8999b0e2bf Added release date for 5.2.5. 2025-08-06 09:58:49 +02:00
James Bligh
6142e3f347 Fixed #26583 -- Silenced individual clashing name warnings in collectstatic's default verbosity.
Made collectstatic report individual destination conflicts only at verbosity 2+.
Made verbosity level 1 report a summary count of skipped files.
2025-08-05 16:37:43 +02:00
jkhall81
2013092b69 Fixed #36530 -- Extended fields.E347 to check for ManyToManyField involving CompositePrimaryKey on either side.
Thanks to Jacob Walls for the report.
2025-08-05 08:34:40 -03:00
Natalia
9cec8d9f55 Fixed #36535 -- Ensured compatibility with docutils 0.19 through 0.22.
Regression in 65ab92f6a83644bbb555d0eff3a02d8d9301aba4.
2025-08-04 21:52:25 -03:00
Jacob Walls
8914f4703c Fixed #35972 -- Fixed lookup crashes after subquery annotations. 2025-08-04 10:14:01 +02:00
Simon Charette
079d31e698 Fixed #34871, #36518 -- Implemented unresolved lookups expression replacement.
This allows the proper resolving of lookups when performing constraint
validation involving Q and Case objects.

Thanks Andrew Roberts for the report and Sarah for the tests and review.
2025-08-04 09:22:53 +02:00
Mariusz Felisiak
d55979334d Fixed #36531 -- Added forkserver support to parallel test runner. 2025-07-29 14:11:22 -03:00
Simon Charette
0a4999b422 Fixed #36522 -- Added support for filtering composite pks using a tuple of expressions.
Thanks Jacob Walls for the report, and Sarah Boyce and Mariusz Felisiak
for reviews.
2025-07-28 16:39:28 -03:00
Mike Edmunds
9ab1991689 Fixed #35581 -- Updated django.core.mail to Python's modern email API.
- Changed EmailMessage.message() to construct a "modern email API"
  email.message.EmailMessage and added policy keyword arg.
- Added support for modern MIMEPart objects in EmailMessage.attach()
  (and EmailMessage constructor, EmailMessage.attachments list).
- Updated SMTP EmailBackend to use modern email.policy.SMTP.

Deprecated:
- Attaching MIMEBase objects (replace with MIMEPart)
- BadHeaderError (modern email uses ValueError)
- SafeMIMEText, SafeMIMEMultipart (unnecessary for modern email)
- django.core.mail.forbid_multi_line_headers()
  (undocumented, but exposed via `__all__` and in wide use)
- django.core.mail.message.sanitize_address()
  (undocumented, but in wide use)

Removed without deprecation (all undocumented):
- EmailMessage.mixed_subtype
- EmailMultiAlternatives.alternative_subtype
- Support for setting (undocumented) EmailMessage.encoding property
  to a legacy email.charset.Charset object

Related changes:
- Dropped tests for incorrect RFC 2047 encoding of non-ASCII email
  address localparts. This is specifically prohibited by RFC 2047, and
  not supported by any known MTA or email client. (Python still
  mis-applies encoded-word to non-ASCII localparts, but it is a bug that
  may be fixed in the future.)
- Added tests that try to discourage using Python's legacy email APIs
  in future updates to django.core.mail.
2025-07-25 13:50:02 +02:00
Anthony Sottile
5488530a27 Fixed #36377 -- Added hints support to CreateExtension and subclasses. 2025-07-22 08:04:55 +02:00
Ahmed Ibrahim
a5b0a618c3 Fixed #28696 -- Added GeometryType GIS database function and __geom_type lookup.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2025-07-20 11:18:38 +02:00
Mike Edmunds
fc793fc303 Fixed #36163 -- Deprecated most positional arguments in django.core.mail.
In public mail APIs, changed less frequently used parameters from
keyword-or-positional to keyword-only, emitting a warning during the
required deprecation period.
2025-07-17 14:01:16 -03:00
Salvo Polizzi
a5cd84ad20 Fixed #35680 -- Added automatic imports of common utilies to shell management command. 2025-07-17 12:51:43 +02:00
Simon Charette
0fe218842e
Fixed #36502 -- Restored UNNEST strategy for foreign key bulk inserts on PostgreSQL.
Regression in 764af7a3d6c0b543dcf659a2c327f214da768fe4.
2025-07-10 18:33:00 +02:00
Carlton Gibson
a8912e4383
Updated asgiref dependency. 2025-07-09 18:06:49 +02:00
Natalia
94ebcf8366 Added release date for 5.2.4. 2025-07-02 15:55:14 -03:00
Natalia
7ab6b863da Added stub release notes for 5.2.5. 2025-07-02 15:51:02 -03:00
Matthew Stell
7feafd79a4 Fixed #35846 -- Ensured consistent path ordering in ManifestStaticFilesStorage manifest files.
This change reuses the existing sorting of `hashed_files` in
`ManifestStaticFilesStorage.save_manifest` to also store a sorted
`paths` mapping in the manifest file. This ensures stable manifest
output that does not change unnecessarily.
2025-07-01 15:24:34 -03:00
Simon Charette
192bc7a7be Fixed #36464 -- Fixed "__in" tuple lookup on backends lacking native support.
When native support for tuple lookups is missing in a DB backend, it can
be emulated with an EXISTS clause. This is controlled by the backend
feature flag "supports_tuple_lookups".

The mishandling of subquery right-hand side in `TupleIn` (added to
support `CompositePrimaryKey` in Refs #373) was likely missed because
the only core backend we test with the feature flag disabled
(Oracle < 23.4) supports it natively.

Thanks to Nandana Raol for the report, and to Sarah Boyce, Jacob Walls,
and Natalia Bidart for reviews.
2025-06-30 20:15:25 -03:00
Rob Hudson
d63241ebc7 Fixed #15727 -- Added Content Security Policy (CSP) support.
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.

Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.

Thanks to the multiple reviewers for their precise and valuable feedback.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-06-27 15:57:02 -03:00