mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-02-06 07:25:19 +00:00
Code Issues 32 Releases Wiki Activity
31,714 Commits 29 Branches 433 Tags
Commit Graph

31714 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Manfre
156d3186c9 [4.2.x] Fixed CVE-2024-39329 -- Standarized timing of verify_password() when checking unusuable passwords. 
Refs #20760.

Thanks Michael Manfre for the fix and to Adam Johnson for the review.
 2024-07-09 10:40:46 -03:00
Adam Johnson
79f3687642 [4.2.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 
Thank you to Elias Myllymäki for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2024-07-09 10:40:37 -03:00
Natalia
446cdab134 [4.2.x] Added stub release notes for 4.2.14. 2024-07-03 14:18:28 -03:00
Natalia
d26c8838d0 [4.2.x]Post-release version bump. 2024-05-07 14:44:42 -03:00
Sarah Boyce
3bf46e2e02 [4.2.x] Bumped version for 4.2.13 release. 4.2.13 2024-05-07 17:37:03 +02:00
Sarah Boyce
b46b94e66c [4.2.x] Added release notes for 4.2.13. 
Backport of 90175e110e7cfcf07f4ccdaadc45d7ed6302ce00 from main.
 2024-05-07 17:35:16 +02:00
Natalia
1536833e93 [4.2.x] Post-release version bump. 2024-05-06 14:36:28 -03:00
Sarah Boyce
6193c720b5 [4.2.x] Bumped version for 4.2.12 release. 4.2.12 2024-05-06 17:24:48 +02:00
Sarah Boyce
3f9c8fc1f9 [4.2.x] Added release date for 4.2.12. 
Backport of 34a503162fe222033a1cd3249bccad014fcd1d20 from main.
 2024-05-06 14:44:17 +02:00
Sarah Boyce
256f719cb3 [4.2.x] Reverted "Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin." 
This reverts commit 0fc832676cd585fa420d583937b5b2318bc2c629.
 2024-04-19 13:29:30 +02:00
Adam Johnson
0fc832676c [4.2.x] Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin. 
Backport of bdd76c4c3817d8e3ed5b0450d5e18e4eae096f16 from main.
 2024-04-19 11:28:02 +02:00
Natalia
1d85b416aa [4.2.x] Refs #35361 -- Clarified release notes for 4.2.12. 
Backport of cd823778e66307b82469858cfd8d1aa75613b49a from main.
 2024-04-12 15:07:36 +02:00
Natalia
27c32cc991 [4.2.x] Fixed #35361 -- Added release notes for 4.2.12 for backport of b231bcd19e57267ce1fc21d42d46f0b65fdcfcf8. 
Backport of 42435fc55cbf7c04c1389ee46cc50e2565b40e37 from main.
 2024-04-10 18:29:33 +02:00
Mariusz Felisiak
0d3ddcaf2c [4.2.x] Refs #34900, Refs #35361 -- Fixed SafeMIMEText.set_payload() crash on Python 3.13. 
Payloads with surrogates are passed to the set_payload() since
f97f25ef5d

Backport of b231bcd19e57267ce1fc21d42d46f0b65fdcfcf8 from main.
 2024-04-10 18:18:52 +02:00
Mariusz Felisiak
a76c52b19a [4.2.x] Added CVE-2024-27351 to security archive. 
Backport of da39ae4b5f056a332b5c48402a2ae11767e7d577 from main
 2024-03-04 10:12:58 +01:00
Mariusz Felisiak
721c566859 [4.2.x] Post-release version bump. 2024-03-04 08:47:11 +01:00
Mariusz Felisiak
61a986f53d [4.2.x] Bumped version for 4.2.11 release. 4.2.11 2024-03-04 08:43:32 +01:00
Shai Berger
3c9a2771cc [4.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words(). 
Thanks Seokchan Yoon for the report.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2024-03-04 08:36:56 +01:00
Mariusz Felisiak
7973951139 [4.2.x] Added release date for 4.2.11 and 3.2.25. 
Backport of 977d25416954a72ad100b01762078bf1ceb89a63 from main
 2024-02-26 08:29:04 +01:00
Daniel Garcia Moreno
86d8034972 [4.2.x] Refs #34900, Refs #34118 -- Updated assertion in test_skip_class_unless_db_feature() test on Python 3.12.2+. 
Python 3.12.2 bring back the skipped tests in the number of running
tests. Refs
0a737639dc

Backport of bc8471f0aac8f0c215b9471b594d159783bac19b from main
 2024-02-10 17:08:48 +01:00
Mariusz Felisiak
cb173bb088 [4.2.x] Fixed #35172 -- Fixed intcomma for string floats. 
Thanks Warwick Brown for the report.

Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.

Backport of 2f14c2cedc9c92373471c1f98a80c81ba299584a from main.
 2024-02-08 11:00:36 +01:00
Natalia
227ef29cff [4.2.x] Added CVE-2024-24680 to security archive. 
Backport of c650c1412d1933e339cc93f9b6745c3eedb1c25b from main
 2024-02-06 12:16:50 -03:00
Natalia
e2f1907642 [4.2.x] Post release version bump. 2024-02-06 10:04:22 -03:00
Natalia
a684d73fc9 [4.2.x] Bumped version for 4.2.10 release. 4.2.10 2024-02-06 09:57:24 -03:00
Adam Johnson
572ea07e84 [4.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter. 
Thanks Seokchan Yoon for the report.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Shai Berger <shai@platonix.com>
 2024-02-06 09:56:20 -03:00
nessita
9fe7411235
[4.2.x] Pinned black == 23.12.1 for blacken-docs checks. 2024-01-30 05:47:27 +01:00
nessita
71dd587da9
[4.2.x] Pinned black == 23.12.1 in GitHub actions, pre-commit and test requirements. 2024-01-29 12:53:06 -03:00
Natalia
74582b8d11 [4.2.x] Added stub release notes for 4.2.10 and 3.2.24. 
Backport of 06d0a1bd56a9899c351ca047a05813e8dd6a4e17 from main
 2024-01-29 12:09:52 -03:00
Mariusz Felisiak
4198a5cb2d [4.2.x] Post-release version bump. 2024-01-02 10:11:39 +01:00
Mariusz Felisiak
f339c4c8e4 [4.2.x] Bumped version for 4.2.9 release. 4.2.9 2024-01-02 10:10:11 +01:00
Mariusz Felisiak
0a4c5e56b4 [4.2.x] Added release date for 4.2.9. 
Backport of f82a2c3b3d553f36661cfdce5261bffb669d68a9 from main.
 2024-01-02 09:59:12 +01:00
Tom Carrick
ca43990813 [4.2.x] Fixed #35012 -- Restored wrapping admin fieldsets with multiple fields per line. 
Thanks James Gillard for the report.

Regression in 729266c6f29c7a0677b24926a86a767ef3078b26.

Backport of 4aae864463b149393a36e0b18345cf6ed392634d from main
 2023-12-13 12:34:53 +01:00
Mariusz Felisiak
d9ba0ea6cb [4.2.x] Added stub release notes for 4.2.9. 
Backport of 464af0975cac6abc46b3e5c3305194c958fc465b from main
 2023-12-05 06:12:20 +01:00
Mariusz Felisiak
a315e82f31 [4.2.x] Post-release version bump. 2023-12-04 09:29:47 +01:00
Mariusz Felisiak
dff965798e [4.2.x] Bumped version for 4.2.8 release. 4.2.8 2023-12-04 09:26:51 +01:00
Mariusz Felisiak
52e28e5fbf [4.2.x] Added release date for 4.2.8. 
Backport of 8fcb9f1f106cf60d953d88aeaa412cc625c60029 from main
 2023-12-04 09:25:56 +01:00
Mariusz Felisiak
6e2d9f0aa8 [4.2.x] Fixed #35006 -- Fixed migrations crash when altering Meta.db_table_comment on SQLite. 
Thanks Юрий for the report.

Regression in 78f163a4fb3937aca2e71786fbdd51a0ef39629e.
Backport of 37fc832a54ad37e75a898a2c8f9ab0820617c4af from main
 2023-11-30 10:11:28 +01:00
Adam Johnson
5b698cbcf1 [4.2.x] Removed link to lawrence.com in contrib.sites docs. 
lawrence.com has since become a redirect to LJWorld.com,
making the link pointless.
Backport of 9e7ac5890147a8271eb5eb19bb88ab93dadc6c6d from main
 2023-11-28 20:12:09 +01:00
Tom Carrick
bd0ea8c2ba [4.2.x] Fixed #34982 -- Fixed admin's read-only password widget and help texts alignment for tablet screen size. 
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of 729266c6f29c7a0677b24926a86a767ef3078b26 from main
 2023-11-27 15:20:59 -03:00
Mariusz Felisiak
cdb14cc18b [4.2.x] Fixed #34978, Refs #31331 -- Added backward incompatibility note about raw aggregations on MySQL. 
Thanks Matthew Somerville for the report.

Backport of a652f0759651dd7103ed04336ef85dc410f680c1 from main
 2023-11-27 12:44:18 -03:00
Nathaniel Conroy
450d518d2f [4.2.x] Fixed #34992 -- Fixed DatabaseFeatures.allows_group_by_selected_pks on MariaDB with ONLY_FULL_GROUP_BY sql mode. 
Regression in 041551d716b69ee7c81199eee86a2d10a72e15ab.

Backport of 0257426fe1fe9d146fd5813f09d909917ff59360 from main.
 2023-11-27 10:35:56 +01:00
Tom Carrick
bac9e94ace [4.2.x] Fixed #34994 -- Fixed checkbox layout in admin's change page for narrow screen widths. 
Regression in d687febce5868545f99974d2499a91f81a32fef5.

Backport of a89c715c3bcf7ab1a90747cf8658ebce6304b6e4 from main
 2023-11-23 16:57:21 -03:00
Tom Carrick
3d943c4f55 [4.2.x] Fixed #34991 -- Fixed pagination links and input layout in admin's change list page when using list_editable. 
Regression in b4817d20b9e55df30be0b1b2ca8c8bb6d61aab07.

Thanks Tom Carrick for the report and fix.

Backport of 4eb9c3d90aff55182151b6be0122f7d0b28832fd from main
 2023-11-23 10:22:34 -03:00
Simon Charette
cf95de9d24 [4.2.x] Fixed #34987 -- Fixed queryset crash when mixing aggregate and window annotations. 
Regression in f387d024fc75569d2a4a338bfda76cc2f328f627.

Just like `OrderByList` the `ExpressionList` expression used to wrap
`Window.partition_by` must implement `get_group_by_cols` to ensure the
necessary grouping when mixing window expressions with aggregate
annotations is performed against the partition members and not the
partition expression itself.

This is necessary because while `partition_by` is implemented as
a source expression of `Window` it's actually a fragment of the WINDOW
expression at the SQL level and thus it should result in a group by its
members and not the sum of them.

Thanks ElRoberto538 for the report.
Backport of e76cc93b0168fa3abbafb9af1ab4535814b751f0 from main
 2023-11-23 06:10:24 +01:00
Tim Schilling
6d7313bc87 [4.2.x] Fixed #34990 -- Changed link to OWASP in CSRF docs. 
The OWASP site is the standard resource for web application
security information.
Backport of aceee39d44994df20d13104e55ae61845d7a1e95 from main
 2023-11-23 05:28:43 +01:00
Mariusz Felisiak
9afeb6b9b6 [4.2.x] Refs #34118 -- Doc'd Python 3.12 compatibility in Django 4.2.x. 
Backport of ecfea054ee2b8ddfa027459ff8b6aecba05facf7 from main.
 2023-11-19 16:38:33 +01:00
Mariusz Felisiak
233e2a9e31 [4.2.x] Refs #34118 -- Added Python 3.12 to classifiers and tox.ini. 
Backport of f955c90488e1f32e6e38b3c956e937579d389fb2 from main.
 2023-11-19 16:34:36 +01:00
Mariusz Felisiak
b5750b9f64
[4.2.x] Refs #34118 -- Fixed stacklevel in complex_setting_changed on Python 3.12. 
This fix is unnecessary in Django 5.0 since
e83a88566a71a2353cebc35992c110be0f8628af because signals no longer use
sync_to_async().
 2023-11-19 16:29:13 +01:00
Simon Charette
acf4cee951 [4.2.x] Fixed #34975 -- Fixed crash of conditional aggregate() over aggregations. 
Adjustments made to solve_lookup_type to defer the resolving of
references for summarized aggregates failed to account for similar
requirements for lookup values which can also reference annotations
through Aggregate.filter.

Regression in b181cae2e3697b2e53b5b67ac67e59f3b05a6f0d.

Refs #25307.

Thanks Sergey Nesterenko for the report.

Backport of 7530cf3900ab98104edcde69e8a2a415e82b345a from main
 2023-11-18 16:53:24 +01:00
Markus Amalthea Magnuson
47f9b8dca1 [4.2.x] Fixed #34970 -- Clarified Password Validation docs regarding the password_changed callback. 
Backport of 61c305f298da1b4079a80721c861d0663dc8717e from main
 2023-11-15 21:51:32 -03:00