Mariusz Felisiak
f3c89744cc
Added stub release notes for 4.1.7.
2023-02-01 13:18:34 +01:00
Mariusz Felisiak
36e3eef7d5
Added CVE-2023-23969 to security archive.
2023-02-01 12:09:03 +01:00
Nick Pope
8c660fb592
Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
...
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.
Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:44:04 +01:00
Durval Carvalho
40217d1a82
Fixed #34180 -- Added note about resetting language in test tear-downs.
...
Co-authored-by: Faris Naimi <farisfaris66@gmail.com>
2023-01-31 06:35:30 +01:00
fschwebel
0265b1b49b
Fixed typo in docs/topics/auth/passwords.txt.
...
Wrapped hashing is only possible if the inner wrapped function is the
same as the previous hasher.
2023-01-30 08:31:39 +01:00
Mariusz Felisiak
2b1242abb3
Fixed #34291 -- Fixed Meta.constraints validation crash on UniqueConstraint with ordered expressions.
...
Thanks Dan F for the report.
Bug in 667105877e
.
2023-01-26 09:31:40 +01:00
Mariusz Felisiak
882f99031e
Moved release note about the default PBKDF2 iterations into django.contrib.auth section.
...
Thanks Tim Graham for the report.
2023-01-25 22:25:29 +01:00
Carlton Gibson
d8e1442ce2
Adjusted release notes for 4.1.6, 4.0.9, and 3.2.17.
2023-01-25 12:26:00 +01:00
Carlton Gibson
1df963ad24
Set date and added stub release notes for 4.1.6, 4.0.9, and 3.2.17.
2023-01-25 11:57:04 +01:00
noFFENSE
5cd1385356
Fixed #34242 -- Doc'd that primary key is set to None when deleting objects.
2023-01-20 09:36:36 +01:00
Niccolò Mineo
79c298c9ce
Fixed #34266 -- Added ClosestPoint GIS database functions.
2023-01-20 08:13:43 +01:00
Mariusz Felisiak
23e8868862
Refs #34233 -- Used str.removeprefix()/removesuffix().
2023-01-18 19:11:18 +01:00
Mariusz Felisiak
b209518089
Refs #32339 -- Deprecated transitional form renderers.
2023-01-18 11:08:39 +01:00
Mariusz Felisiak
3bbe22dafc
Fixed #34233 -- Dropped support for Python 3.8 and 3.9.
2023-01-18 09:46:01 +01:00
John Whitlock
d547171183
Fixed typo in docs/releases/4.2.txt.
2023-01-17 19:27:51 +01:00
Mariusz Felisiak
2785e121c7
Doc'd that 4.2 is LTS.
2023-01-17 19:24:31 +01:00
Mariusz Felisiak
a209f66259
Removed remaining empty sections from 4.2 release notes.
...
Follow up to 772cd2b15b
.
2023-01-17 14:05:32 +01:00
Sébastien Corbin
e2964fed17
Fixed #34264 -- Moved release note about session cookies into error reporting section.
2023-01-17 13:08:42 +01:00
Mariusz Felisiak
4fc711a108
Increased the default PBKDF2 iterations for Django 5.0.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
f39f120302
Advanced deprecation warnings for Django 5.0.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
94ad46e9d8
Refs #33543 -- Made Expression.asc()/desc() and OrderBy raise ValueError when nulls_first/nulls_last=False is passed.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
98756c685e
Refs #32339 -- Changed default form and formset rendering style to div-based.
...
Per deprecation timeline.
This also removes "django/forms/default.html" and
"django/forms/formsets/default.html" templates.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
b5ac6e78f8
Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ce7b4f39e3
Refs #27674 -- Removed django.contrib.gis.admin.OpenLayersWidget per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
71d1203b07
Refs #33348 -- Removed support for passing response object and form/formset name to SimpleTestCase.assertFormError()/assertFormSetError().
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
d6816bff73
Refs #32365 -- Removed django.utils.timezone.utc per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
9a01311d20
Refs #15619 -- Removed support for logging out via GET requests.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ba082e0952
Refs #33561 -- Made created=True required in signature of RemoteUserBackend.configure_user() subclasses.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4d78d7338c
Refs #31486 -- Removed ability to pass unsaved model instances to related filters.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
1391356276
Refs #29984 -- Made QuerySet.iterator() without chunk_size raise ValueError after prefetch_related().
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
b119f4329c
Refs #29708 -- Removed PickleSerializer per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
23c8787439
Refs #33348 -- Removed support for passing errors=None to SimpleTestCase.assertFormError()/assertFormsetErrors().
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
23ec318988
Refs #33342 -- Removed ExclusionConstraint.opclasses per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
5c10041f46
Refs #30127 -- Removed name argument for django.utils.functional.cached_property().
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
e01970e9d2
Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
daf88e778b
Refs #25916 -- Removed SitemapIndexItem.__str__() per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
31878b4d73
Refs #31026 -- Removed ability to return string when rendering ErrorDict/ErrorList.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
182d25eb7a
Refs #31026 -- Removed BaseForm._html_output() per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4982958ec0
Refs #27674 -- Removed GeoModelAdmin and OSMGeoAdmin per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
2fad163257
Refs #32365 -- Removed is_dst argument for various methods and functions.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
e6f82438d4
Refs #32365 -- Removed support for pytz timezones per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
8d98f99a4a
Refs #32873 -- Removed settings.USE_L10N per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
0be8095b25
Refs #10929 -- Stopped forcing empty result value by PostgreSQL aggregates.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
43b01300b7
Refs #32655 -- Removed extra_tests argument for DiscoverRunner.build_suite()/run_tests().
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4eb97a90f0
Refs #32375 -- Changed default sitemap protocol to https.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
602d9a312f
Refs #32379 -- Changed default USE_TZ to True.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4aa0689080
Refs #32738 -- Removed django.utils.datetime_safe module per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ef46f3778a
Refs #32712 -- Removed django.utils.baseconv module per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
6c0539ed7c
Refs #32446 -- Removed SERIALIZE test database setting per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
490cccbe7e
Removed versionadded/changed annotations for 4.1.
2023-01-17 11:49:15 +01:00