Nick Pope
8c660fb592
Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
...
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.
Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:44:04 +01:00
sage
110b3b8356
Fixed #34304 -- Made MySQL's SchemaEditor.remove_constraint() don't create foreign key index when unique constraint is ignored.
...
Regression in b731e88415
2023-01-31 11:52:07 +01:00
Stanislav Volyk
20a0850099
Fixed #34283 -- Escaped title in admin's changelist filters.
...
Regression in 27aa7035f5
2023-01-30 09:37:53 +01:00
Sarah Boyce
8acc433e41
Fixed #28054 -- Made runserver not return response body for HEAD requests.
...
Co-authored-by: jannschu <jannik.schuerg@posteo.de >
2023-01-27 21:49:54 +01:00
Mariusz Felisiak
82dad11bfe
Refs #34255 -- Skipped test_group_by_nested_expression_with_params test on PostgreSQL when server-side binding cursors are used.
...
Thanks Tim Graham for the review.
2023-01-27 21:28:10 +01:00
Raj Desai
246eb4836a
Fixed #34254 -- Fixed return value of Exists() with empty queryset.
...
Thanks Simon Charette for reviews.
2023-01-26 19:54:48 +01:00
Simon Sawicki
7eb5391b71
Fixed #34294 -- Protected django.core.files.locks against argtypes redefinition on Windows.
2023-01-26 19:39:33 +01:00
Mariusz Felisiak
2b1242abb3
Fixed #34291 -- Fixed Meta.constraints validation crash on UniqueConstraint with ordered expressions.
...
Thanks Dan F for the report.
Bug in 667105877e
2023-01-26 09:31:40 +01:00
朱穆穆
d3c93cdc59
Fixed #34227 -- Fixed QuerySet.select_related() with multi-level FilteredRelation.
2023-01-24 10:20:27 +01:00
Matt Westcott
ef85b6bf0b
Fixed #34192 -- Preserved callable storage when it returns default_storage.
2023-01-23 10:29:17 +01:00
Claude Paroz
e3a4cee081
Fixed #34278 -- Made translatable string plural-aware in SelectFilter2.js.
...
Bug in be63c78760
2023-01-23 06:08:41 +01:00
touhf
e1a093f8cb
Added short description to remove_stale_contenttypes command.
2023-01-20 12:58:51 +01:00
Francesco Panico
cc8aa6bf9c
Fixed #34267 -- Fixed sliced QuerySet.union() crash.
...
Regression in 3d734c09ff
2023-01-20 08:51:38 +01:00
Niccolò Mineo
79c298c9ce
Fixed #34266 -- Added ClosestPoint GIS database functions.
2023-01-20 08:13:43 +01:00
David Wobrock
4b066bde69
Fixed #34272 -- Fixed floatformat crash on zero with trailing zeros to zero decimal places.
...
Regression in 08c5a78726
2023-01-19 10:15:40 +01:00
Nick Pope
39f83765e1
Refs #32528 -- Simplified MigrationAutodetector._sort_migrations().
2023-01-19 06:34:28 +01:00
Nick Pope
1e62a64202
Refs #32528 -- Simplified Media.merge().
...
This avoids building up a second datastructure for the duplicate files
warning case and simply flatten and strip duplicates if that case ever
arises.
2023-01-19 06:33:39 +01:00
Nick Pope
1282b5e420
Fixed #32528 -- Replaced django.utils.topological_sort with graphlib.TopologicalSort().
...
graphlib.TopologicalSort() is available since Python 3.9.
2023-01-19 06:31:40 +01:00
Nick Pope
4470c2405c
Refs #34233 -- Used @functools.cache.
...
Python 3.9+ supports @functools.cache as an alias for
@functools.lru_cache(maxsize=None).
2023-01-18 19:23:18 +01:00
Mariusz Felisiak
23e8868862
Refs #34233 -- Used str.removeprefix()/removesuffix().
2023-01-18 19:11:18 +01:00
Nick Pope
fd21f82aa8
Refs #34233 -- Used types.NoneType.
...
Available since Python 3.10 where it was reintroduced.
2023-01-18 17:27:23 +01:00
Nick Pope
26a395f27d
Refs #34233 -- Used aiter() and anext().
...
Available since Python 3.10.
2023-01-18 13:45:07 +01:00
Mariusz Felisiak
a04565845a
Refs #34233 -- Referenced isocalendar() results by names not indexes.
...
isocalendar() returns a namedtuple() instead of tuple in Python 3.9+
2023-01-18 12:57:54 +01:00
Mariusz Felisiak
b209518089
Refs #32339 -- Deprecated transitional form renderers.
2023-01-18 11:08:39 +01:00
Mariusz Felisiak
3bbe22dafc
Fixed #34233 -- Dropped support for Python 3.8 and 3.9.
2023-01-18 09:46:01 +01:00
Mariusz Felisiak
4fc711a108
Increased the default PBKDF2 iterations for Django 5.0.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
f39f120302
Advanced deprecation warnings for Django 5.0.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
003081468e
Refs #33263 -- Removed warning in BaseDeleteView when delete() method is overridden.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
94ad46e9d8
Refs #33543 -- Made Expression.asc()/desc() and OrderBy raise ValueError when nulls_first/nulls_last=False is passed.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
98756c685e
Refs #32339 -- Changed default form and formset rendering style to div-based.
...
Per deprecation timeline.
This also removes "django/forms/default.html" and
"django/forms/formsets/default.html" templates.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
b5ac6e78f8
Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ce7b4f39e3
Refs #27674 -- Removed django.contrib.gis.admin.OpenLayersWidget per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
71d1203b07
Refs #33348 -- Removed support for passing response object and form/formset name to SimpleTestCase.assertFormError()/assertFormSetError().
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
d6816bff73
Refs #32365 -- Removed django.utils.timezone.utc per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
9a01311d20
Refs #15619 -- Removed support for logging out via GET requests.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ba082e0952
Refs #33561 -- Made created=True required in signature of RemoteUserBackend.configure_user() subclasses.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4d78d7338c
Refs #31486 -- Removed ability to pass unsaved model instances to related filters.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
1391356276
Refs #29984 -- Made QuerySet.iterator() without chunk_size raise ValueError after prefetch_related().
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
b119f4329c
Refs #29708 -- Removed PickleSerializer per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
23c8787439
Refs #33348 -- Removed support for passing errors=None to SimpleTestCase.assertFormError()/assertFormsetErrors().
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
23ec318988
Refs #33342 -- Removed ExclusionConstraint.opclasses per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
5c10041f46
Refs #30127 -- Removed name argument for django.utils.functional.cached_property().
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
e01970e9d2
Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
daf88e778b
Refs #25916 -- Removed SitemapIndexItem.__str__() per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
31878b4d73
Refs #31026 -- Removed ability to return string when rendering ErrorDict/ErrorList.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
182d25eb7a
Refs #31026 -- Removed BaseForm._html_output() per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4982958ec0
Refs #27674 -- Removed GeoModelAdmin and OSMGeoAdmin per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
2fad163257
Refs #32365 -- Removed is_dst argument for various methods and functions.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
e6f82438d4
Refs #32365 -- Removed support for pytz timezones per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
8d98f99a4a
Refs #32873 -- Removed settings.USE_L10N per deprecation timeline.
2023-01-17 11:49:15 +01:00
