mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-31 19:46:42 +00:00
Code Issues 32 Releases Wiki Activity
31,715 Commits 29 Branches 438 Tags
Commit Graph

4540 Commits

Author SHA1 Message Date
Natalia
2b00edc015 [4.2.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method. 
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
 2024-07-09 10:40:48 -03:00
Michael Manfre
156d3186c9 [4.2.x] Fixed CVE-2024-39329 -- Standarized timing of verify_password() when checking unusuable passwords. 
Refs #20760.

Thanks Michael Manfre for the fix and to Adam Johnson for the review.
 2024-07-09 10:40:46 -03:00
Adam Johnson
79f3687642 [4.2.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 
Thank you to Elias Myllymäki for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2024-07-09 10:40:37 -03:00
Natalia
446cdab134 [4.2.x] Added stub release notes for 4.2.14. 2024-07-03 14:18:28 -03:00
Sarah Boyce
b46b94e66c [4.2.x] Added release notes for 4.2.13. 
Backport of 90175e110e7cfcf07f4ccdaadc45d7ed6302ce00 from main.
 2024-05-07 17:35:16 +02:00
Sarah Boyce
3f9c8fc1f9 [4.2.x] Added release date for 4.2.12. 
Backport of 34a503162fe222033a1cd3249bccad014fcd1d20 from main.
 2024-05-06 14:44:17 +02:00
Sarah Boyce
256f719cb3 [4.2.x] Reverted "Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin." 
This reverts commit 0fc832676cd585fa420d583937b5b2318bc2c629.
 2024-04-19 13:29:30 +02:00
Adam Johnson
0fc832676c [4.2.x] Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin. 
Backport of bdd76c4c3817d8e3ed5b0450d5e18e4eae096f16 from main.
 2024-04-19 11:28:02 +02:00
Natalia
1d85b416aa [4.2.x] Refs #35361 -- Clarified release notes for 4.2.12. 
Backport of cd823778e66307b82469858cfd8d1aa75613b49a from main.
 2024-04-12 15:07:36 +02:00
Natalia
27c32cc991 [4.2.x] Fixed #35361 -- Added release notes for 4.2.12 for backport of b231bcd19e57267ce1fc21d42d46f0b65fdcfcf8. 
Backport of 42435fc55cbf7c04c1389ee46cc50e2565b40e37 from main.
 2024-04-10 18:29:33 +02:00
Mariusz Felisiak
a76c52b19a [4.2.x] Added CVE-2024-27351 to security archive. 
Backport of da39ae4b5f056a332b5c48402a2ae11767e7d577 from main
 2024-03-04 10:12:58 +01:00
Shai Berger
3c9a2771cc [4.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words(). 
Thanks Seokchan Yoon for the report.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2024-03-04 08:36:56 +01:00
Mariusz Felisiak
7973951139 [4.2.x] Added release date for 4.2.11 and 3.2.25. 
Backport of 977d25416954a72ad100b01762078bf1ceb89a63 from main
 2024-02-26 08:29:04 +01:00
Mariusz Felisiak
cb173bb088 [4.2.x] Fixed #35172 -- Fixed intcomma for string floats. 
Thanks Warwick Brown for the report.

Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.

Backport of 2f14c2cedc9c92373471c1f98a80c81ba299584a from main.
 2024-02-08 11:00:36 +01:00
Natalia
227ef29cff [4.2.x] Added CVE-2024-24680 to security archive. 
Backport of c650c1412d1933e339cc93f9b6745c3eedb1c25b from main
 2024-02-06 12:16:50 -03:00
Adam Johnson
572ea07e84 [4.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter. 
Thanks Seokchan Yoon for the report.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Shai Berger <shai@platonix.com>
 2024-02-06 09:56:20 -03:00
Natalia
74582b8d11 [4.2.x] Added stub release notes for 4.2.10 and 3.2.24. 
Backport of 06d0a1bd56a9899c351ca047a05813e8dd6a4e17 from main
 2024-01-29 12:09:52 -03:00
Mariusz Felisiak
0a4c5e56b4 [4.2.x] Added release date for 4.2.9. 
Backport of f82a2c3b3d553f36661cfdce5261bffb669d68a9 from main.
 2024-01-02 09:59:12 +01:00
Tom Carrick
ca43990813 [4.2.x] Fixed #35012 -- Restored wrapping admin fieldsets with multiple fields per line. 
Thanks James Gillard for the report.

Regression in 729266c6f29c7a0677b24926a86a767ef3078b26.

Backport of 4aae864463b149393a36e0b18345cf6ed392634d from main
 2023-12-13 12:34:53 +01:00
Mariusz Felisiak
d9ba0ea6cb [4.2.x] Added stub release notes for 4.2.9. 
Backport of 464af0975cac6abc46b3e5c3305194c958fc465b from main
 2023-12-05 06:12:20 +01:00
Mariusz Felisiak
52e28e5fbf [4.2.x] Added release date for 4.2.8. 
Backport of 8fcb9f1f106cf60d953d88aeaa412cc625c60029 from main
 2023-12-04 09:25:56 +01:00
Mariusz Felisiak
6e2d9f0aa8 [4.2.x] Fixed #35006 -- Fixed migrations crash when altering Meta.db_table_comment on SQLite. 
Thanks Юрий for the report.

Regression in 78f163a4fb3937aca2e71786fbdd51a0ef39629e.
Backport of 37fc832a54ad37e75a898a2c8f9ab0820617c4af from main
 2023-11-30 10:11:28 +01:00
Tom Carrick
bd0ea8c2ba [4.2.x] Fixed #34982 -- Fixed admin's read-only password widget and help texts alignment for tablet screen size. 
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of 729266c6f29c7a0677b24926a86a767ef3078b26 from main
 2023-11-27 15:20:59 -03:00
Mariusz Felisiak
cdb14cc18b [4.2.x] Fixed #34978, Refs #31331 -- Added backward incompatibility note about raw aggregations on MySQL. 
Thanks Matthew Somerville for the report.

Backport of a652f0759651dd7103ed04336ef85dc410f680c1 from main
 2023-11-27 12:44:18 -03:00
Nathaniel Conroy
450d518d2f [4.2.x] Fixed #34992 -- Fixed DatabaseFeatures.allows_group_by_selected_pks on MariaDB with ONLY_FULL_GROUP_BY sql mode. 
Regression in 041551d716b69ee7c81199eee86a2d10a72e15ab.

Backport of 0257426fe1fe9d146fd5813f09d909917ff59360 from main.
 2023-11-27 10:35:56 +01:00
Tom Carrick
bac9e94ace [4.2.x] Fixed #34994 -- Fixed checkbox layout in admin's change page for narrow screen widths. 
Regression in d687febce5868545f99974d2499a91f81a32fef5.

Backport of a89c715c3bcf7ab1a90747cf8658ebce6304b6e4 from main
 2023-11-23 16:57:21 -03:00
Tom Carrick
3d943c4f55 [4.2.x] Fixed #34991 -- Fixed pagination links and input layout in admin's change list page when using list_editable. 
Regression in b4817d20b9e55df30be0b1b2ca8c8bb6d61aab07.

Thanks Tom Carrick for the report and fix.

Backport of 4eb9c3d90aff55182151b6be0122f7d0b28832fd from main
 2023-11-23 10:22:34 -03:00
Simon Charette
cf95de9d24 [4.2.x] Fixed #34987 -- Fixed queryset crash when mixing aggregate and window annotations. 
Regression in f387d024fc75569d2a4a338bfda76cc2f328f627.

Just like `OrderByList` the `ExpressionList` expression used to wrap
`Window.partition_by` must implement `get_group_by_cols` to ensure the
necessary grouping when mixing window expressions with aggregate
annotations is performed against the partition members and not the
partition expression itself.

This is necessary because while `partition_by` is implemented as
a source expression of `Window` it's actually a fragment of the WINDOW
expression at the SQL level and thus it should result in a group by its
members and not the sum of them.

Thanks ElRoberto538 for the report.
Backport of e76cc93b0168fa3abbafb9af1ab4535814b751f0 from main
 2023-11-23 06:10:24 +01:00
Mariusz Felisiak
9afeb6b9b6 [4.2.x] Refs #34118 -- Doc'd Python 3.12 compatibility in Django 4.2.x. 
Backport of ecfea054ee2b8ddfa027459ff8b6aecba05facf7 from main.
 2023-11-19 16:38:33 +01:00
Simon Charette
acf4cee951 [4.2.x] Fixed #34975 -- Fixed crash of conditional aggregate() over aggregations. 
Adjustments made to solve_lookup_type to defer the resolving of
references for summarized aggregates failed to account for similar
requirements for lookup values which can also reference annotations
through Aggregate.filter.

Regression in b181cae2e3697b2e53b5b67ac67e59f3b05a6f0d.

Refs #25307.

Thanks Sergey Nesterenko for the report.

Backport of 7530cf3900ab98104edcde69e8a2a415e82b345a from main
 2023-11-18 16:53:24 +01:00
Adam Johnson
90c3d71dfe [4.2.x] Fixed #34457 -- Restored output for makemigrations --check. 
Co-authored-by: David Sanders <shang.xiao.sanders@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of f7389c4b07ceeb036436e065898e411b247bca78 from main
 2023-11-09 11:05:54 -03:00
Mariusz Felisiak
ce44eaf6d0 [4.2.x] Added stub release notes for 4.2.8. 
Backport of 36173cf29d6ad0b0f0cd24326834dddfff2db7f3 from main
 2023-11-01 08:25:36 +01:00
Mariusz Felisiak
e4c9703ec6 [4.2.x] Added CVE-2023-46695 to security archive. 
Backport of 7caf2621833a45cdfe7e6e305e4885ecc8d79744 from main
 2023-11-01 08:17:50 +01:00
Mariusz Felisiak
048a9ebb6e [4.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows. 
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
 2023-11-01 06:19:20 +01:00
Tom Carrick
109f39a38b [4.2.x] Fixed #34932 -- Restored varchar_pattern_ops/text_pattern_ops index creation when deterministic collaction is set. 
Regression in f3f9d03edf17ccfa17263c7efa0b1350d1ac9278 (4.2) and
8ed25d65ea7546fafd808086fa07e7e5bb5428fc (5.0).

Backport of 34b411762b50883d768d7b67e0a158ec39da8b09 from main.
 2023-10-30 11:14:08 +01:00
Mariusz Felisiak
0cd8b867a0 [4.2.x] Added stub release notes and release date for 4.2.7, 4.1.13, and 3.2.23. 
Backport of fdd1323b9c83e56184e0c992af8faf8d54327775 from main
 2023-10-25 05:43:24 +02:00
Claire Pritchard
510a512119 [4.2.x] Fixed typo in docs/releases/4.2.txt. 
Backport of 61cc0e6f2c5115415e70e0a7eddd59b7c2aed40d from main
 2023-10-22 11:03:08 +02:00
Simon Charette
803caec60b [4.2.x] Fixed #34798 -- Fixed QuerySet.aggregate() crash when referencing expressions containing subqueries. 
Regression in 59bea9efd2768102fc9d3aedda469502c218e9b7,
complements e5c844d6f2a4ac6ae674d741b5f1fa2a688cedf4.

Refs #28477, #34551.

Thanks Haldun Komsuoglu for the report.

Backport of 3b4a571275d967512866012955eb0b3ae486d63c from main
 2023-10-16 06:15:36 +02:00
Adam Johnson
caec4f4a6f [4.2.x] Refs #34840 -- Improved release note describing index regression. 
Backport of 73b2c63127297e214d3bfdc8d9a96837691fc2a0 from main
 2023-10-15 10:28:07 +02:00
Mariusz Felisiak
0bd53ab86a [4.2.x] Added backticks to setuptools in docs. 
Backport of 54b23b1835a8044c35754525dfcf2c3027d79aa8 from main
 2023-10-09 09:57:35 +02:00
Natalia
9962f94a97 [4.2.x] Added CVE-2023-43665 to security archive. 
Backport of 4e790271e3e65c9ad037b347a34fa95e11982228 from main
 2023-10-04 13:09:25 -03:00
Natalia
b2d95bb301 [4.2.x] Added stub release notes for 4.2.7. 
Backport of 034457941abf33b194cb145443575bf7fb454faf from main
 2023-10-04 13:09:11 -03:00
Natalia
be9c27c4d1 [4.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text. 
Thanks Wenchao Li of Alibaba Group for the report.
 2023-10-04 09:39:49 -03:00
Natalia
39fc3f46a8 [4.2.x] Added stub release notes and release date for 4.2.6, 4.1.12, and 3.2.22. 
Backport of 5e4b75b78a7a84bc30170c2b8e7434525e745c1b from main
 2023-09-27 14:27:44 -03:00
Mariusz Felisiak
a148461f1f [4.2.x] Fixed #34840 -- Avoided casting string base fields on PostgreSQL. 
Thanks Alex Vandiver for the report.

Regression in 09ffc5c1212d4ced58b708cbbf3dfbfb77b782ca.

Backport of 779cd28acb1f7eb06f629c0ea4ded99b5ebb670a from main.
 2023-09-22 06:07:19 +02:00
Mariusz Felisiak
97e8a2afb1 [4.2.x] Fixed #34821 -- Prevented DEFAULT_FILE_STORAGE/STATICFILES_STORAGE settings from mutating the main STORAGES. 
Regression in 6b965c600054f970bdf94017ecf2e0e6e0a4326b.
Backport of a7c73b944f51d6c92ec876fd7e0a171e7c01657d from main
 2023-09-11 13:04:55 +02:00
Mariusz Felisiak
592ebd8920 [4.2.x] Added stub release notes for 4.2.6. 
Backport of a534835c7b4cf1556638edd39acde7b2b88c8892 from main
 2023-09-04 13:25:56 +02:00
Mariusz Felisiak
a1dd785139 [4.2.x] Added CVE-2023-41164 to security archive. 
Backport of 8a98768868a104ea3ce10d8182590bdd095d9ccb from main
 2023-09-04 13:17:59 +02:00
Mariusz Felisiak
9c51b4dcfa [4.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri(). 
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.

Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
 2023-09-04 12:05:35 +02:00
willzhao
acfb427522 [4.2.x] Fixed #34803 -- Fixed queryset crash when filtering againts deeply nested OuterRef annotations. 
Thanks Pierre-Nicolas Rigal for the report.

Regression in c67ea79aa981ae82595d89f8018a41fcd842e7c9.

Backport of 9cc0d7f7f85cecc3ad15bbc471fe6a08e4f515b6 from main
 2023-09-01 11:25:00 +02:00