1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00
Commit Graph

13190 Commits

Author SHA1 Message Date
Mariusz Felisiak
f3c89744cc Added stub release notes for 4.1.7. 2023-02-01 13:18:34 +01:00
Mariusz Felisiak
36e3eef7d5 Added CVE-2023-23969 to security archive. 2023-02-01 12:09:03 +01:00
Nick Pope
8c660fb592 Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.

Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:44:04 +01:00
Durval Carvalho
40217d1a82 Fixed #34180 -- Added note about resetting language in test tear-downs.
Co-authored-by: Faris Naimi <farisfaris66@gmail.com>
2023-01-31 06:35:30 +01:00
fschwebel
0265b1b49b
Fixed typo in docs/topics/auth/passwords.txt.
Wrapped hashing is only possible if the inner wrapped function is the
same as the previous hasher.
2023-01-30 08:31:39 +01:00
Mariusz Felisiak
2b1242abb3
Fixed #34291 -- Fixed Meta.constraints validation crash on UniqueConstraint with ordered expressions.
Thanks Dan F for the report.

Bug in 667105877e.
2023-01-26 09:31:40 +01:00
Mariusz Felisiak
882f99031e
Moved release note about the default PBKDF2 iterations into django.contrib.auth section.
Thanks Tim Graham for the report.
2023-01-25 22:25:29 +01:00
Carlton Gibson
d8e1442ce2 Adjusted release notes for 4.1.6, 4.0.9, and 3.2.17. 2023-01-25 12:26:00 +01:00
Carlton Gibson
1df963ad24 Set date and added stub release notes for 4.1.6, 4.0.9, and 3.2.17. 2023-01-25 11:57:04 +01:00
noFFENSE
5cd1385356 Fixed #34242 -- Doc'd that primary key is set to None when deleting objects. 2023-01-20 09:36:36 +01:00
Niccolò Mineo
79c298c9ce Fixed #34266 -- Added ClosestPoint GIS database functions. 2023-01-20 08:13:43 +01:00
Mariusz Felisiak
23e8868862
Refs #34233 -- Used str.removeprefix()/removesuffix(). 2023-01-18 19:11:18 +01:00
Mariusz Felisiak
b209518089
Refs #32339 -- Deprecated transitional form renderers. 2023-01-18 11:08:39 +01:00
Mariusz Felisiak
3bbe22dafc
Fixed #34233 -- Dropped support for Python 3.8 and 3.9. 2023-01-18 09:46:01 +01:00
John Whitlock
d547171183
Fixed typo in docs/releases/4.2.txt. 2023-01-17 19:27:51 +01:00
Mariusz Felisiak
2785e121c7
Doc'd that 4.2 is LTS. 2023-01-17 19:24:31 +01:00
Mariusz Felisiak
a209f66259
Removed remaining empty sections from 4.2 release notes.
Follow up to 772cd2b15b.
2023-01-17 14:05:32 +01:00
Sébastien Corbin
e2964fed17
Fixed #34264 -- Moved release note about session cookies into error reporting section. 2023-01-17 13:08:42 +01:00
Mariusz Felisiak
4fc711a108 Increased the default PBKDF2 iterations for Django 5.0. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
f39f120302 Advanced deprecation warnings for Django 5.0. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
94ad46e9d8 Refs #33543 -- Made Expression.asc()/desc() and OrderBy raise ValueError when nulls_first/nulls_last=False is passed.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
98756c685e Refs #32339 -- Changed default form and formset rendering style to div-based.
Per deprecation timeline.

This also removes "django/forms/default.html" and
"django/forms/formsets/default.html" templates.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
b5ac6e78f8 Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ce7b4f39e3 Refs #27674 -- Removed django.contrib.gis.admin.OpenLayersWidget per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
71d1203b07 Refs #33348 -- Removed support for passing response object and form/formset name to SimpleTestCase.assertFormError()/assertFormSetError().
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
d6816bff73 Refs #32365 -- Removed django.utils.timezone.utc per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
9a01311d20 Refs #15619 -- Removed support for logging out via GET requests.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ba082e0952 Refs #33561 -- Made created=True required in signature of RemoteUserBackend.configure_user() subclasses.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4d78d7338c Refs #31486 -- Removed ability to pass unsaved model instances to related filters.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
1391356276 Refs #29984 -- Made QuerySet.iterator() without chunk_size raise ValueError after prefetch_related().
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
b119f4329c Refs #29708 -- Removed PickleSerializer per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
23c8787439 Refs #33348 -- Removed support for passing errors=None to SimpleTestCase.assertFormError()/assertFormsetErrors().
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
23ec318988 Refs #33342 -- Removed ExclusionConstraint.opclasses per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
5c10041f46 Refs #30127 -- Removed name argument for django.utils.functional.cached_property().
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
e01970e9d2 Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
daf88e778b Refs #25916 -- Removed SitemapIndexItem.__str__() per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
31878b4d73 Refs #31026 -- Removed ability to return string when rendering ErrorDict/ErrorList.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
182d25eb7a Refs #31026 -- Removed BaseForm._html_output() per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4982958ec0 Refs #27674 -- Removed GeoModelAdmin and OSMGeoAdmin per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
2fad163257 Refs #32365 -- Removed is_dst argument for various methods and functions.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
e6f82438d4 Refs #32365 -- Removed support for pytz timezones per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
8d98f99a4a Refs #32873 -- Removed settings.USE_L10N per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
0be8095b25 Refs #10929 -- Stopped forcing empty result value by PostgreSQL aggregates.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
43b01300b7 Refs #32655 -- Removed extra_tests argument for DiscoverRunner.build_suite()/run_tests().
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4eb97a90f0 Refs #32375 -- Changed default sitemap protocol to https.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
602d9a312f Refs #32379 -- Changed default USE_TZ to True.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4aa0689080 Refs #32738 -- Removed django.utils.datetime_safe module per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ef46f3778a Refs #32712 -- Removed django.utils.baseconv module per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
6c0539ed7c Refs #32446 -- Removed SERIALIZE test database setting per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
490cccbe7e Removed versionadded/changed annotations for 4.1. 2023-01-17 11:49:15 +01:00